Commit a9a06ee4 authored by Matthias Clasen's avatar Matthias Clasen

Add a (#ifdef 0'ed) test provoking a segfault in TIFFReadDirectory().

	* test-images.h (tiff1_test_3), test-loaders.c (main): Add a
	(#ifdef 0'ed) test provoking a segfault in TIFFReadDirectory().

	* io-ico.c (DecodeHeader): Check that pixbuf could be allocated.

	* test-images.h (ico_test_2), test-loaders.c (main): Test the
	previous change.

	* io-wbmp.c (gdk_pixbuf__wbmp_image_load_increment): Don't write
	beyond the end of buffer if width % 8 != 0.

	* io-tga.c (try_preload): Enforce that ctx->hdr->type is one of
	the supported types, otherwise parse_data_for_row () will not make
	any progress, leading to an infinite loop.
parent 67051d64
2002-02-10 Matthias Clasen <matthias@local>
* test-images.h (tiff1_test_3), test-loaders.c (main): Add a
(#ifdef 0'ed) test provoking a segfault in TIFFReadDirectory().
* io-ico.c (DecodeHeader): Check that pixbuf could be allocated.
* test-images.h (ico_test_2), test-loaders.c (main): Test the
previous change.
* io-wbmp.c (gdk_pixbuf__wbmp_image_load_increment): Don't write
beyond the end of buffer if width % 8 != 0.
* io-tga.c (try_preload): Enforce that ctx->hdr->type is one of
the supported types, otherwise parse_data_for_row () will not make
any progress, leading to an infinite loop.
Mon Feb 11 14:31:53 2002 Owen Taylor <otaylor@redhat.com>
* pixops/pixops.c (bilinear_make_weights): Fix handing of
......
......@@ -252,7 +252,8 @@ gdk_pixbuf_loader_load_module (GdkPixbufLoader *loader,
return 0;
}
//g_print ("\n%s\n", priv->image_module->module_name);
priv->context = priv->image_module->begin_load (gdk_pixbuf_loader_prepare,
gdk_pixbuf_loader_update,
loader,
......
......@@ -453,6 +453,13 @@ static void DecodeHeader(guchar *Data, gint Bytes,
gdk_pixbuf_new(GDK_COLORSPACE_RGB, TRUE, 8,
State->Header.width,
State->Header.height);
if (!State->pixbuf) {
g_set_error (error,
GDK_PIXBUF_ERROR,
GDK_PIXBUF_ERROR_INSUFFICIENT_MEMORY,
_("Not enough memory to load icon"));
return;
}
if (State->prepared_func != NULL)
/* Notify the client that we are ready to go */
......
......@@ -633,6 +633,20 @@ static gboolean try_preload(TGAContext *ctx, GError **err)
_("TGA image type not supported"));
return FALSE;
}
switch (ctx->hdr->type) {
case TGA_TYPE_PSEUDOCOLOR:
case TGA_TYPE_TRUECOLOR:
case TGA_TYPE_GRAYSCALE:
case TGA_TYPE_RLE_PSEUDOCOLOR:
case TGA_TYPE_RLE_TRUECOLOR:
case TGA_TYPE_RLE_GRAYSCALE:
break;
default:
g_set_error(err, GDK_PIXBUF_ERROR,
GDK_PIXBUF_ERROR_UNKNOWN_TYPE,
_("TGA image type not supported"));
return FALSE;
}
if (!fill_in_context(ctx, err))
return FALSE;
} else {
......
......@@ -333,6 +333,9 @@ static gboolean gdk_pixbuf__wbmp_image_load_increment(gpointer data,
{
guchar pixval;
if (context->curx + (7 - xoff) == context->width)
break;
if(byte & (1<<xoff))
pixval = 0xFF;
else
......
......@@ -7572,4 +7572,34 @@ static unsigned char const xpm_test_1[] = {
46, 46, 32, 32, 46, 46, 32, 32, 46, 46, 34, 10, 125, 59, 10
};
static unsigned char const ico_test_2[] = {
0, 0, 1, 0, 1, 0, 16, 16, 16, 0, 0, 0, 0, 0, 40, 1, 0, 0, 22, 0,
0, 0, 40, 0, 0, 0, 233, 0, 0, 0, 32, 0, 140, 0, 1, 0, 4, 0, 0, 0,
0, 0, 128, 0, 0, 0, 0, 191, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 114, 0, 0, 128, 0, 0, 128, 0, 0, 0, 128, 128, 0, 128,
0, 0, 0, 128, 0, 128, 0, 128, 128, 0, 0, 192, 192, 192, 0, 128,
128, 128, 0, 103, 0, 255, 0, 0, 255, 0, 0, 0, 255, 255, 0, 255, 0,
0, 0, 255, 0, 255, 0, 255, 6, 0, 0, 255, 255, 255, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 148, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 153, 153, 153, 9, 144, 0, 0, 0, 0, 153,
0, 0, 0, 0, 0, 0, 0, 153, 0, 0, 153, 0, 0, 0, 9, 153, 144, 0, 231,
144, 0, 0, 153, 144, 153, 0, 9, 144, 0, 9, 153, 0, 9, 144, 9, 153,
0, 153, 144, 0, 153, 172, 153, 110, 153, 153, 153, 144, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 153, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 0, 0, 81, 255, 0, 0,
255, 255, 0, 0, 240, 55, 0, 0, 240, 39, 0, 0, 252, 123, 0, 199,
252, 113, 0, 0, 248, 48, 0, 0, 73, 24, 0, 0, 227, 136, 0, 0, 129,
0, 0, 0, 1, 255, 0, 0, 255, 255, 0, 0, 255, 255, 0, 0, 255, 255,
255, 0, 255, 255, 0, 0
};
static unsigned char const tiff1_test_3[] = {
77, 77, 0, 42, 0, 0, 6, 222, 128, 0, 32, 80, 56, 36, 22, 13, 7, 132, 66, 97, 80, 184, 100, 54, 29, 15, 136, 68, 98, 81, 56, 164, 86, 45, 23, 140, 70, 99, 81, 184, 228, 118, 61, 21, 23, 72, 79, 231, 227, 233, 116, 184, 89, 143, 202, 101, 82, 162, 188, 181, 194, 224, 112, 61, 222, 207, 86, 179, 61, 148, 138, 65, 159, 2, 179, 185, 92, 246, 125, 15, 157, 133, 90, 12, 246, 123, 241, 246, 251, 123, 61, 30, 109, 38, 107, 33, 40, 139, 66, 22, 138, 165, 41, 253, 86, 54, 98, 172, 48, 23, 203, 213, 98, 165, 76, 74, 35, 17, 32, 198, 171, 35, 201, 224, 239, 122, 218, 108, 238, 230, 67, 9, 124, 160, 75, 164, 12, 69, 210, 184, 136, 56, 28, 82, 94, 98, 36, 1, 232, 245, 212, 233, 116, 188, 29, 206, 198, 189, 49, 84, 161, 76, 19, 9, 4, 104, 26, 149, 72, 163, 117, 186, 157, 86, 103, 123, 149, 198, 224, 98, 175, 151, 9, 116, 122, 31, 21, 98, 189, 104, 97, 233, 100, 178, 85, 220, 237, 118, 62, 38, 83, 86, 82, 141, 50, 145, 206, 160, 4, 91, 53, 122, 189, 93, 131, 200, 185, 220, 141, 210, 99, 25, 140, 188, 91, 39, 243, 131, 209, 216, 215, 69, 199, 134, 41, 241, 249, 118, 235, 133, 186, 218, 108, 83, 49, 9, 4, 66, 0, 244, 110, 52, 153, 121, 74, 39, 11, 113, 175, 209, 102, 178, 88, 11, 133, 226, 209, 86, 148, 70, 33, 5, 98, 113, 63, 35, 221, 8, 68, 161, 208, 141, 38, 83, 17, 146, 194, 94, 47, 86, 170, 222, 169, 232, 136, 190, 11, 130, 184, 164, 51, 174, 102, 17, 114, 89, 23, 101, 145, 84, 93, 150, 37, 65, 84, 80, 19, 35, 152, 218, 51, 61, 240, 170, 14, 190, 7, 176, 49, 100, 85, 148, 36, 211, 168, 64, 191, 225, 234, 18, 156, 142, 164, 154, 160, 69, 144, 99, 232, 210, 49, 139, 175, 96, 69, 11, 56, 226, 228, 100, 69, 145, 68, 74, 66, 21, 160, 99, 80, 202, 47, 196, 130, 0, 118, 28, 33, 129, 112, 86, 21, 142, 131, 104, 206, 55, 64, 143, 91, 219, 24, 52, 43, 184, 56, 114, 74, 7, 201, 240, 124, 24, 37, 241, 116, 28, 6, 161, 146, 7, 33, 201, 104, 130, 130, 147, 138, 177, 216, 180, 226, 7, 10, 12, 152, 159, 10, 162, 168, 168, 180, 158, 167, 137, 224, 120, 25, 102, 25, 120, 65, 15, 131, 172, 204, 138, 72, 97, 88, 161, 61, 140, 163, 24, 196, 169, 138, 82, 192, 101, 59, 204, 232, 240, 218, 53, 141, 103, 91, 0, 104, 153, 198, 97, 112, 88, 149, 114, 64, 196, 187, 47, 8, 117, 14, 53, 151, 148, 201, 207, 77, 166, 115, 105, 222, 119, 81, 71, 57, 162, 250, 151, 80, 220, 76, 66, 175, 146, 5, 10, 140, 71, 225, 193, 160, 101, 24, 102, 65, 130, 93, 145, 164, 49, 1, 65, 72, 41, 13, 50, 93, 158, 170, 85, 122, 121, 157, 167, 89, 215, 79, 157, 172, 17, 216, 109, 155, 6, 171, 192, 250, 24, 144, 73, 82, 71, 186, 178, 85, 86, 140, 19, 132, 161, 30, 88, 148, 228, 248, 214, 51, 12, 8, 52, 92, 129, 175, 161, 233, 168, 105, 26, 71, 205, 204, 120, 157, 231, 105, 230, 179, 29, 39, 49, 200, 238, 155, 39, 41, 196, 111, 154, 70, 113, 148, 106, 25, 230, 89, 159, 89, 22, 69, 65, 64, 55, 197, 97, 91, 103, 105, 162, 243, 201, 17, 58, 8, 81, 242, 12, 217, 132, 79, 96, 78, 104, 168, 105, 145, 234, 153, 158, 135, 97, 210, 115, 155, 134, 177, 164, 214, 86, 5, 225, 142, 205, 86, 69, 217, 90, 83, 148, 70, 17, 112, 87, 147, 196, 177, 28, 190, 7, 120, 34, 45, 60, 135, 25, 138, 7, 39, 32, 116, 33, 109, 155, 159, 89, 201, 229, 116, 88, 39, 65, 181, 124, 89, 134, 81, 128, 93, 25, 70, 9, 117, 102, 60, 69, 203, 244, 87, 51, 132, 64, 247, 9, 101, 200, 169, 81, 169, 221, 103, 149, 210, 118, 22, 244, 128, 132, 226, 32, 195, 72, 210, 51, 234, 178, 145, 240, 164, 158, 102, 249, 178, 106, 233, 38, 57, 122, 91, 25, 15, 25, 158, 99, 152, 6, 107, 50, 97, 212, 186, 17, 114, 85, 148, 68, 208, 148, 36, 52, 26, 138, 30, 147, 11, 151, 89, 227, 94, 158, 135, 57, 198, 112, 212, 165, 73, 8, 62, 142, 242, 200, 92, 129, 151, 5, 193, 110, 122, 221, 116, 237, 218, 113, 154, 134, 105, 142, 101, 152, 69, 217, 156, 99, 23, 230, 81, 132, 93, 110, 69, 241, 160, 182, 243, 229, 249, 121, 5, 17, 196, 48, 254, 187, 130, 187, 242, 33, 152, 134, 171, 105, 123, 205, 24, 87, 217, 132, 225, 17, 227, 80, 198, 47, 192, 130, 234, 130, 109, 186, 24, 149, 66, 107, 26, 38, 103, 82, 103, 51, 60, 225, 163, 56, 151, 134, 100, 228, 100, 232, 197, 225, 102, 85, 146, 164, 105, 10, 36, 97, 61, 146, 42, 56, 71, 68, 239, 178, 66, 241, 130, 147, 20, 129, 139, 162, 200, 168, 25, 36, 55, 121, 191, 171, 157, 23, 145, 160, 100, 152, 102, 51, 52, 241, 150, 59, 161, 103, 207, 152, 6, 41, 118, 44, 215, 240, 151, 16, 65, 236, 58, 56, 231, 188, 70, 147, 33, 197, 75, 68, 21, 84, 170, 213, 218, 57, 24, 176, 231, 27, 111, 32, 106, 147, 97, 150, 102, 69, 184, 175, 21, 78, 116, 90, 183, 129, 54, 36, 132, 80, 130, 44, 1, 10, 3, 154, 36, 156, 14, 209, 251, 134, 28, 6, 8, 118, 141, 241, 180, 53, 143, 2, 163, 24, 109, 200, 95, 139, 5, 252, 122, 4, 48, 56, 125, 144, 149, 10, 187, 67, 188, 53, 7, 80, 231, 50, 195, 124, 109, 141, 56, 46, 243, 5, 240, 205, 24, 130, 244, 90, 10, 161, 27, 24, 10, 145, 24, 12, 201, 244, 78, 137, 193, 56, 44, 197, 144, 175, 21, 162, 168, 84, 9, 1, 26, 34, 140, 81, 140, 135, 132, 29, 46, 13, 65, 160, 50, 199, 41, 206, 55, 67, 132, 104, 191, 72, 148, 47, 22, 104, 180, 131, 226, 45, 105, 17, 16, 214, 89, 23, 24, 208, 87, 236, 236, 119, 194, 193, 224, 106, 25, 248, 206, 65, 34, 168, 58, 36, 136, 198, 65, 198, 64, 196, 24, 17, 164, 110, 142, 56, 136, 53, 222, 73, 226, 23, 2, 232, 87, 138, 120, 66, 31, 8, 144, 66, 147, 76, 92, 115, 46, 177, 224, 229, 35, 224, 238, 129, 235, 200, 111, 201, 1, 152, 43, 197, 40, 157, 72, 161, 156, 19, 176, 57, 14, 64, 133, 140, 91, 28, 67, 116, 108, 194, 225, 172, 53, 70, 112, 200, 25, 169, 200, 96, 11, 97, 90, 137, 8, 144, 70, 44, 48, 76, 105, 158, 9, 28, 54, 230, 56, 215, 140, 238, 100, 99, 140, 83, 128, 37, 196, 112, 135, 125, 136, 226, 87, 144, 65, 24, 124, 155, 48, 213, 152, 242, 224, 100, 58, 145, 122, 130, 132, 123, 174, 54, 106, 84, 136, 7, 64, 222, 26, 163, 138, 204, 137, 13, 38, 36, 10, 241, 76, 39, 131, 179, 224, 154, 164, 28, 44, 166, 161, 178, 53, 6, 116, 182, 59, 195, 73, 231, 11, 241, 104, 43, 5, 24, 154, 18, 65, 152, 47, 133, 160, 106, 72, 72, 144, 123, 14, 193, 200, 105, 155, 214, 50, 185, 32, 184, 196, 84, 162, 180, 82, 9, 196, 4, 19, 39, 153, 6, 73, 194, 248, 91, 139, 37, 152, 53, 92, 211, 165, 100, 194, 197, 213, 138, 161, 60, 37, 68, 115, 218, 15, 193, 173, 29, 168, 66, 24, 50, 6, 48, 196, 29, 99, 160, 115, 77, 199, 252, 45, 5, 17, 175, 160, 238, 62, 140, 144, 119, 92, 30, 197, 240, 182, 21, 238, 113, 207, 58, 8, 148, 47, 88, 248, 182, 168, 34, 181, 126, 138, 5, 74, 42, 160, 200, 170, 19, 162, 100, 75, 136, 163, 228, 38, 132, 200, 152, 22, 85, 108, 106, 85, 213, 204, 62, 98, 8, 229, 159, 131, 21, 13, 8, 48, 246, 29, 105, 233, 10, 9, 205, 238, 95, 10, 97, 127, 80, 159, 227, 69, 104, 135, 141, 181, 11, 74, 36, 44, 155, 104, 184, 134, 82, 204, 109, 14, 65, 192, 55, 71, 66, 239, 148, 3, 246, 194, 20, 161, 226, 188, 134, 244, 220, 91, 2, 124, 42, 86, 186, 210, 67, 4, 200, 144, 17, 66, 224, 87, 10, 119, 160, 244, 133, 227, 206, 166, 242, 236, 94, 86, 57, 184, 54, 74, 96, 224, 27, 99, 93, 203, 194, 197, 130, 58, 99, 72, 222, 60, 13, 208, 89, 30, 144, 250, 7, 9, 229, 143, 173, 69, 218, 84, 156, 40, 154, 40, 134, 32, 188, 22, 182, 98, 73, 60, 227, 126, 45, 157, 56, 193, 166, 241, 180, 97, 186, 113, 132, 55, 70, 192, 212, 146, 3, 46, 35, 12, 90, 228, 131, 196, 192, 80, 124, 246, 200, 135, 161, 32, 210, 41, 40, 18, 15, 19, 44, 156, 83, 87, 118, 228, 47, 97, 149, 203, 174, 85, 17, 102, 89, 177, 138, 47, 238, 13, 148, 20, 194, 0, 60, 7, 59, 168, 68, 138, 8, 118, 156, 239, 206, 156, 137, 25, 124, 41, 6, 11, 39, 116, 181, 141, 231, 39, 17, 118, 219, 198, 3, 111, 24, 35, 68, 182, 161, 171, 34, 141, 143, 93, 239, 34, 133, 4, 53, 23, 49, 10, 31, 131, 184, 145, 132, 55, 96, 73, 78, 225, 58, 47, 167, 248, 192, 131, 50, 244, 87, 215, 115, 126, 45, 5, 176, 172, 20, 135, 160, 66, 162, 28, 20, 71, 33, 27, 190, 11, 171, 108, 48, 7, 164, 36, 36, 4, 72, 130, 68, 194, 16, 78, 9, 49, 25, 7, 196, 81, 156, 16, 242, 20, 52, 192, 108, 78, 74, 84, 163, 142, 73, 78, 57, 199, 35, 240, 106, 227, 148, 166, 63, 201, 89, 47, 38, 100, 220, 157, 147, 242, 134, 81, 202, 81, 140, 128, 128, 0, 14, 1, 0, 0, 3, 0, 0, 0, 1, 0, 47, 0, 0, 1, 1, 0, 3, 0, 0, 0, 1, 0, 48, 0, 0, 1, 2, 181, 3, 0, 0, 0, 3, 0, 0, 7, 140, 1, 3, 0, 3, 0, 0, 0, 1, 0, 5, 0, 0, 1, 6, 0, 3, 0, 0, 0, 1, 0, 2, 0, 0, 1, 17, 0, 4, 0, 0, 0, 1, 0, 0, 0, 8, 1, 18, 0, 3, 0, 0, 0, 1, 0, 1, 0, 0, 1, 21, 0, 3, 0, 0, 0, 1, 0, 3, 0, 0, 1, 22, 0, 3, 0, 0, 0, 1, 0, 48, 0, 0, 1, 23, 0, 79, 0, 0, 0, 1, 0, 0, 6, 214, 1, 26, 0, 5, 0, 0, 0, 1, 0, 0, 7, 146, 1, 27, 0, 5, 0, 0, 0, 1, 0, 0, 7, 154, 1, 28, 0, 3, 0, 0, 0, 1, 0, 1, 0, 0, 1, 40, 0, 3, 0, 0, 0, 1, 0, 2, 0, 0, 0, 0, 0, 0, 0, 8, 0, 8, 0, 8, 18, 192, 0, 0, 0, 4, 0, 0, 18, 192, 0, 0, 0, 4, 0, 0
};
#endif
......@@ -403,22 +403,24 @@ main (int argc, char **argv)
TEST (valid_ico_test, TRUE);
TEST (ico_test_1, FALSE);
TEST (ico_test_2, FALSE);
TEST (valid_jpeg_test, TRUE);
TEST (valid_tiff1_test, TRUE);
TEST (tiff1_test_1, FALSE);
TEST (tiff1_test_2, FALSE);
#if 0
TEST (tiff1_test_3, FALSE); /* Segfault in TIFFReadDirectory with libtiff 3.5.5, fixed in 3.5.7 */
#endif
TEST (valid_tga_test, TRUE);
TEST (tga_test_1, FALSE);
TEST (xpm_test_1, FALSE);
#if 0
TEST (wbmp_test_1, FALSE);
TEST (wbmp_test_2, FALSE);
#endif
TEST_RANDOM (GIF_HEADER, 150, FALSE);
TEST_RANDOM (PNG_HEADER, 1100, FALSE);
......@@ -432,12 +434,10 @@ main (int argc, char **argv)
TEST_RANDOMLY_MODIFIED (valid_gif_test, FALSE);
TEST_RANDOMLY_MODIFIED (valid_png_test, FALSE);
TEST_RANDOMLY_MODIFIED (valid_tga_test, FALSE);
TEST_RANDOMLY_MODIFIED (valid_jpeg_test, FALSE); /* The jpeg loader does not break */
TEST_RANDOMLY_MODIFIED (valid_ico_test, FALSE); /* The ico loader does not seem to
* break, but the image tend to
* mutate into a wbmp image, and
* the wbmp loader is broken
*/
TEST_RANDOMLY_MODIFIED (valid_jpeg_test, FALSE);
TEST_RANDOMLY_MODIFIED (valid_ico_test, FALSE);
/* memory tests */
/* How do the loaders behave when memory is low?
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment