diff options
| author | Christophe Fergeau <teuf@gnome.org> | 2005-11-28 19:44:33 +0000 |
|---|---|---|
| committer | Christophe Fergeau <teuf@gnome.org> | 2005-11-28 19:44:33 +0000 |
| commit | 80ade88ec9ff5b45c7532c25f160e6bc7cd41533 (patch) | |
| tree | 6ead9f334b311d1abd4670bf988abeb7a3572c39 /src/itdb_artwork.c | |
| parent | 1100f4f45220e6579fffa476d07d719093177852 (diff) | |
| download | libgpod-80ade88ec9ff5b45c7532c25f160e6bc7cd41533.tar.gz libgpod-80ade88ec9ff5b45c7532c25f160e6bc7cd41533.tar.xz libgpod-80ade88ec9ff5b45c7532c25f160e6bc7cd41533.zip | |
2005-11-28 Christophe Fergeau <teuf@gnome.org>
* src/itdb_artwork.c: (unpack_RGB_565), (get_pixel_data):
* src/itdb_itunesdb.c: (get_mhod):
* src/ithumb-writer.c: (pack_RGB_565),
(ithumb_rearrange_thumbnail_file): added some paranoia checks before
doing some mallocs to prevent potential int overflows in some mallocs
which could be triggered by using forged iTunesDB files
git-svn-id: https://gtkpod.svn.sf.net/svnroot/gtkpod/libgpod/trunk@1181 f01d2545-417e-4e96-918e-98f8d0dbbcb6
Diffstat (limited to 'src/itdb_artwork.c')
| -rw-r--r-- | src/itdb_artwork.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/itdb_artwork.c b/src/itdb_artwork.c index 69b432a..072daa1 100644 --- a/src/itdb_artwork.c +++ b/src/itdb_artwork.c @@ -217,6 +217,7 @@ unpack_RGB_565 (guint16 *pixels, guint bytes_len) guchar *result; guint i; + g_assert (bytes_len < 2*(G_MAXUINT/3)); result = g_malloc ((bytes_len/2) * 3); if (result == NULL) { return NULL; @@ -251,6 +252,9 @@ get_pixel_data (IpodDevice *device, Itdb_Thumb *thumb) g_return_val_if_fail (thumb, NULL); g_return_val_if_fail (thumb->filename, NULL); + /* thumb->size is read as a guint32 from the iPod, so no overflow + * can occur here + */ result = g_malloc (thumb->size); filename = itdb_thumb_get_filename (device, thumb); |