# HG changeset patch
# User Thomas Bernard <miniupnp@free.fr>
# Date 1543572255 -3600
# Fri Nov 30 11:04:15 2018 +0100
# Branch SDL-1.2
# Node ID 68f958f43339b1aa1ad61d470dc8a6b9ef670dcf
# Parent 89225c8816d6d487bee10642d0380442dc19490d
IMG_xcf.c: Avoid infinite loop in read_xcf_header()
diff -r 89225c8816d6 -r 68f958f43339 IMG_xcf.c
|
a
|
b
|
|
| 263 | 263 | | ((v & 0xFF000000)); |
| 264 | 264 | } |
| 265 | 265 | |
| 266 | | static void xcf_read_property (SDL_RWops * src, xcf_prop * prop) { |
| | 266 | static int xcf_read_property (SDL_RWops * src, xcf_prop * prop) { |
| 267 | 267 | Uint32 len; |
| 268 | 268 | prop->id = SDL_ReadBE32 (src); |
| 269 | 269 | prop->length = SDL_ReadBE32 (src); |
| 270 | 270 | |
| 271 | 271 | #if DEBUG |
| 272 | | printf ("%.8X: %s: %d\n", SDL_RWtell (src), prop->id < 25 ? prop_names [prop->id] : "unknown", prop->length); |
| | 272 | printf ("%.8X: %s(%u): %u\n", SDL_RWtell (src), prop->id < 25 ? prop_names [prop->id] : "unknown", prop->id, prop->length); |
| 273 | 273 | #endif |
| 274 | 274 | |
| 275 | 275 | switch (prop->id) { |
| … |
… |
|
| 301 | 301 | break; |
| 302 | 302 | default: |
| 303 | 303 | // SDL_RWread (src, &prop->data, prop->length, 1); |
| 304 | | SDL_RWseek (src, prop->length, RW_SEEK_CUR); |
| | 304 | if (SDL_RWseek (src, prop->length, RW_SEEK_CUR) < 0) |
| | 305 | return 0; // ERROR |
| 305 | 306 | } |
| | 307 | return 1; // OK |
| 306 | 308 | } |
| 307 | 309 | |
| 308 | 310 | static void free_xcf_header (xcf_header * h) { |
| … |
… |
|
| 325 | 327 | h->width = SDL_ReadBE32 (src); |
| 326 | 328 | h->height = SDL_ReadBE32 (src); |
| 327 | 329 | h->image_type = SDL_ReadBE32 (src); |
| | 330 | #ifdef DEBUG |
| | 331 | printf ("XCF signature : %.14s\n", h->sign); |
| | 332 | printf (" (%u,%u) type=%u\n", h->width, h->height, h->image_type); |
| | 333 | #endif |
| 328 | 334 | |
| 329 | 335 | h->properties = NULL; |
| 330 | 336 | h->layer_file_offsets = NULL; |
| … |
… |
|
| 334 | 340 | |
| 335 | 341 | // Just read, don't save |
| 336 | 342 | do { |
| 337 | | xcf_read_property (src, &prop); |
| | 343 | if (!xcf_read_property (src, &prop)) { |
| | 344 | free_xcf_header (h); |
| | 345 | return NULL; |
| | 346 | } |
| 338 | 347 | if (prop.id == PROP_COMPRESSION) |
| 339 | 348 | h->compr = (xcf_compr_type)prop.data.compression; |
| 340 | 349 | else if (prop.id == PROP_COLORMAP) { |
| … |
… |
|
| 378 | 387 | l->name = read_string (src); |
| 379 | 388 | |
| 380 | 389 | do { |
| 381 | | xcf_read_property (src, &prop); |
| | 390 | if (!xcf_read_property (src, &prop)) { |
| | 391 | free_xcf_layer (l); |
| | 392 | return NULL; |
| | 393 | } |
| 382 | 394 | if (prop.id == PROP_OFFSETS) { |
| 383 | 395 | l->offset_x = prop.data.offset.x; |
| 384 | 396 | l->offset_y = prop.data.offset.y; |
| … |
… |
|
| 410 | 422 | |
| 411 | 423 | l->selection = 0; |
| 412 | 424 | do { |
| 413 | | xcf_read_property (src, &prop); |
| | 425 | if (!xcf_read_property (src, &prop)) { |
| | 426 | free_xcf_channel (l); |
| | 427 | return NULL; |
| | 428 | } |
| 414 | 429 | switch (prop.id) { |
| 415 | 430 | case PROP_OPACITY: |
| 416 | 431 | l->opacity = prop.data.opacity << 24; |
