Commit c4eeccd5 authored by Darin Adler's avatar Darin Adler

Prevent empty gradients from crashing librsvg.

	* rsvg-paint-server.c: (rsvg_paint_server_lin_grad_render),
	(rsvg_paint_server_rad_grad_render): Prevent empty gradients
	from crashing librsvg.

	* rsvg.c: (rsvg_start_svg): Prevent huge image sizes from causing
	a core dump by doing overflow checking and using g_try_malloc
	instead of g_new.

	* test-64684-1.svg:
	* test-64684-2.svg:
	Add some more test cases.
parent 9d0b6ae6
2001-12-03 Darin Adler <darin@bentspoon.com>
* rsvg-paint-server.c: (rsvg_paint_server_lin_grad_render),
(rsvg_paint_server_rad_grad_render): Prevent empty gradients
from crashing librsvg.
* rsvg.c: (rsvg_start_svg): Prevent huge image sizes from causing
a core dump by doing overflow checking and using g_try_malloc
instead of g_new.
* test-64684-1.svg:
* test-64684-2.svg:
Add some more test cases.
Tue Nov 20 20:20:50 2001 Owen Taylor <otaylor@redhat.com>
* configure.in (dnl): Add some quoting needed by
......
......@@ -153,6 +153,11 @@ rsvg_paint_server_lin_grad_render (RsvgPaintServer *self, ArtRender *ar,
agl = z->agl;
if (agl == NULL)
{
if (rlg->stops->n_stop == 0)
{
/* g_warning ("gradient with no stops -- should be rejected by parser"); */
return;
}
agl = g_new (ArtGradientLinear, 1);
agl->n_stops = rlg->stops->n_stop;
agl->stops = rsvg_paint_art_stops_from_rsvg (rlg->stops);
......@@ -217,6 +222,11 @@ rsvg_paint_server_rad_grad_render (RsvgPaintServer *self, ArtRender *ar,
agr = z->agr;
if (agr == NULL)
{
if (rrg->stops->n_stop == 0)
{
/* g_warning ("gradient with no stops -- should be rejected by parser"); */
return;
}
agr = g_new (ArtGradientRadial, 1);
agr->n_stops = rrg->stops->n_stop;
agr->stops = rsvg_paint_art_stops_from_rsvg (rrg->stops);
......
......@@ -207,8 +207,14 @@ rsvg_start_svg (RsvgHandle *ctx, const xmlChar **atts)
state = &ctx->state[ctx->n_state - 1];
art_affine_scale (state->affine, x_zoom, y_zoom);
rowstride = (new_width * (has_alpha ? 4 : 3) + 3) & -4;
pixels = g_new (art_u8, rowstride * new_height);
if (new_width >= INT_MAX / 4)
return;
rowstride = (new_width * (has_alpha ? 4 : 3) + 3) & ~3;
if (rowstride > INT_MAX / new_height)
return;
pixels = g_try_malloc (rowstride * new_height);
if (pixels == NULL)
return;
memset (pixels, has_alpha ? 0 : 255, rowstride * new_height);
ctx->pixbuf = gdk_pixbuf_new_from_data (pixels,
GDK_COLORSPACE_RGB,
......
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
<svg
style="fill:#000000;fill-opacity:0.5;stroke:none"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:xlink="http://www.w3.org/1999/xlink"
width="595.275591"
height="841.889764"
id="svg1"
sodipodi:docbase="/home/gpoo/images/sodipodi/"
sodipodi:docname="/home/gpoo/images/sodipodi/folder.svg"> <defs
id="defs3"> <linearGradient
id="linearGradient11"> <stop
style="stop-color:#00276f;stop-opacity:1;"
offset="0.000000"
id="stop12">
</stop>
<stop
style="stop-color:#83bfff;stop-opacity:1;"
offset="1.000000"
id="stop13">
</stop>
</linearGradient>
<linearGradient
xlink:href="#linearGradient11"
id="linearGradient14"
x1="0.314787"
y1="0.742188"
x2="0.497871"
y2="-0.187500">
</linearGradient>
<linearGradient
xlink:href="#linearGradient11"
id="linearGradient15"
x1="0.511877"
y1="0.867188"
x2="1.000000"
y2="0.000000">
</linearGradient>
</defs>
<sodipodi:namedview
id="base"
showgrid="true"
gridoriginx="0.000000"
gridoriginy="0.000000"
gridspacingx="2.834646"
gridspacingy="2.834646"
gridtolerance="5.000000"
gridcolor="#07071d"
gridopacity="1.000000"
guidetolerance="5.000000"
guidecolor="#0000ff"
guideopacity="0.498039"
guidehicolor="#ff0000"
guidehiopacity="0.498039">
</sodipodi:namedview>
<path
transform="matrix(-0.680497 -0.100835 0.270288 1.05858 1456.79 62.1556)"
style="stroke:#000000;stroke-opacity:100%;stroke-width:1pt;stroke-linejoin:miter;stroke-linecap:butt;fill:url(#linearGradient15);"
d="M 934.968 1028.58 L 991.877 1084.67 L 1106.54 1084.67 L 1054.76 1032.3 L 934.968 1028.58 z "
id="path8"
sodipodi:nodetypes="ccccc">
</path>
<path
transform="matrix(-0.657375 -0.0779928 0.288258 0.993857 1410.78 109.782)"
style="stroke:#000000; fill:#ffffff; fill-opacity:100%; stroke-opacity:100%; stroke-width:1pt; stroke-linejoin:miter; stroke-linecap:butt; "
d="M 939.241 1028.82 L 991.877 1084.67 L 1102.48 1082.34 L 1054.94 1030.23 L 939.241 1028.82 z "
id="path9"
sodipodi:nodetypes="ccccc">
</path>
<path
transform="matrix(-0.615361 -0.0753501 0.269835 0.960181 1388.27 141.688)"
style="stroke:#000000; fill:#ffffff; fill-opacity:100%; stroke-opacity:100%; stroke-width:1pt; stroke-linejoin:miter; stroke-linecap:butt; "
d="M 952.844 1032.66 L 991.877 1084.67 L 1109.59 1084.22 L 1073.03 1034.43 C 1032.97 1033.84 948.37 1031.53 952.844 1032.66 z "
id="path10"
sodipodi:nodetypes="ccccc">
</path>
<path
transform="matrix(-0.673811 -0.0898752 0.2001 0.943524 1526.29 176.078)"
style="stroke:#000000;stroke-opacity:100%;stroke-width:1pt;stroke-linejoin:miter;stroke-linecap:butt;fill:url(#linearGradient14);"
d="M 1010.85 1042.6 C 979.55 1042.32 981.361 1065.57 991.877 1084.67 L 1106.54 1084.67 C 1089.88 1057.26 1145.68 1043.81 1113.64 1043.52 L 1010.85 1042.6 z "
id="path7"
sodipodi:nodetypes="cccss">
</path>
</svg>
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 20010904//EN"
"http://www.w3.org/TR/2001/REC-SVG-20010904/DTD/svg10.dtd">
<svg
style="fill:#000000;fill-opacity:0.5;stroke:none"
width="595.275591"
height="841.889764"
id="svg1"
sodipodi:docbase="/home/gpoo/images/sodipodi/"
sodipodi:docname="/home/gpoo/images/sodipodi/folder-smooth.svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:xlink="http://www.w3.org/1999/xlink"> <defs
id="defs3"> <linearGradient
id="linearGradient47"> <stop
offset="0.000000"
style="stop-color:#001fa7;stop-opacity:0.231373;"
id="stop48">
</stop>
<stop
offset="1.000000"
style="stop-color:#5397cf;stop-opacity:0.168627;"
id="stop49">
</stop>
</linearGradient>
<linearGradient
id="linearGradient11"> <stop
style="stop-color:#00276f;stop-opacity:1;"
offset="0.000000"
id="stop12">
</stop>
<stop
style="stop-color:#83bfff;stop-opacity:1;"
offset="1.000000"
id="stop13">
</stop>
</linearGradient>
<linearGradient
xlink:href="#linearGradient11"
id="linearGradient14"
x1="0.314787"
y1="0.742188"
x2="0.497871"
y2="-0.187500">
</linearGradient>
<linearGradient
xlink:href="#linearGradient11"
id="linearGradient15"
x1="0.511877"
y1="0.867188"
x2="1.000000"
y2="0.000000">
</linearGradient>
<linearGradient
xlink:href="#linearGradient47"
id="linearGradient46"
x1="0.884488"
y1="0.767893"
x2="0.514851"
y2="0.310243">
</linearGradient>
</defs>
<sodipodi:namedview
id="base"
showgrid="true"
gridoriginx="0.000000"
gridoriginy="0.000000"
gridspacingx="2.834646"
gridspacingy="2.834646"
gridtolerance="5.000000"
gridcolor="#07071d"
gridopacity="1.000000"
guidetolerance="5.000000"
guidecolor="#0000ff"
guideopacity="0.498039"
guidehicolor="#ff0000"
guidehiopacity="0.498039">
</sodipodi:namedview>
<path
transform="matrix(-0.738222 -0.0999986 0.25555 0.304609 680.242 119.58)"
style="stroke:none; stroke-opacity:100%; stroke-width:1pt; stroke-linejoin:miter; stroke-linecap:butt; fill:url(#linearGradient46); "
d="M 934.968 1028.58 L 991.877 1084.67 L 1106.54 1084.67 L 1054.76 1032.3 L 934.968 1028.58 z "
id="path44"
sodipodi:nodetypes="ccccc">
</path>
<path
transform="matrix(-0.680497 -0.100835 0.270288 1.05858 604.79 -697.844)"
style="stroke:#000000;stroke-opacity:100%;stroke-width:1pt;stroke-linejoin:miter;stroke-linecap:butt;fill:url(#linearGradient15);"
d="M 934.968 1028.58 L 991.877 1084.67 L 1106.54 1084.67 L 1054.76 1032.3 L 934.968 1028.58 z "
id="path8"
sodipodi:nodetypes="ccccc">
</path>
<path
transform="matrix(-0.657375 -0.0779928 0.288258 0.993857 558.78 -650.218)"
style="stroke:#000000; fill:#ffffff; fill-opacity:100%; stroke-opacity:100%; stroke-width:1pt; stroke-linejoin:miter; stroke-linecap:butt; "
d="M 952.894 1029.89 C 944.555 1030.9 950.826 1049.44 991.877 1084.67 L 1102.48 1082.34 C 1063.83 1063.85 1052.77 1031.69 1063.34 1030.89 C 1067.78 1031.27 965.731 1029.07 952.894 1029.89 z "
id="path9"
sodipodi:nodetypes="cccss">
</path>
<path
transform="matrix(-0.615361 -0.0753501 0.269835 0.960181 536.27 -618.312)"
style="stroke:#000000; fill:#ffffff; fill-opacity:100%; stroke-opacity:100%; stroke-width:1pt; stroke-linejoin:miter; stroke-linecap:butt; "
d="M 972.372 1037.67 C 963.239 1040.97 944.37 1047.96 991.877 1084.67 L 1109.59 1084.22 C 1086.96 1070.96 1083.88 1045.41 1093.69 1039.52 C 1099.67 1036.34 974.542 1036.68 972.372 1037.67 z "
id="path10"
sodipodi:nodetypes="cccss">
</path>
<path
transform="matrix(-0.673811 -0.0898752 0.2001 0.943524 674.29 -583.922)"
style="stroke:#000000;stroke-opacity:100%;stroke-width:1pt;stroke-linejoin:miter;stroke-linecap:butt;fill:url(#linearGradient14);"
d="M 1016.74 1042.45 C 987.875 1042.14 974.45 1065.62 992.895 1084.77 L 1108.59 1084.87 C 1082.38 1058.66 1139.83 1043.81 1113.64 1043.52 L 1016.74 1042.45 z "
id="path7"
sodipodi:nodetypes="cccss">
</path>
</svg>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment