Ticket #12207: 0001-12207-fix-an-infinite-loop-on-reading-a-larger-file-.patch

File 0001-12207-fix-an-infinite-loop-on-reading-a-larger-file-.patch, 1.6 KB (added by apl-haiku, 4 years ago)
  • src/tools/hvif2png/hvif2png.cpp

    From 875953a0d7837e04a075729fca56451622f2127e Mon Sep 17 00:00:00 2001
    From: Andrew Lindesay <apl@lindesay.co.nz>
    Date: Sat, 18 Jul 2015 23:31:07 +1200
    Subject: [PATCH] 12207 - fix an infinite loop on reading a larger file and
     check hvif magic number
    
    ---
     src/tools/hvif2png/hvif2png.cpp | 22 ++++++++++++++++++++++
     1 file changed, 22 insertions(+)
    
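--- a/src/tools/hvif2png/hvif2png.cpp
+++ b/src/tools/hvif2png/hvif2png.cpp
@@ -31,6 +31,9 @@
 #define SIZE_HVIF_BUFFER_STEP 1024
 
 
+static const uint8 kHvifMagic[] = { 'n', 'c', 'i', 'f' };
+
+
 typedef struct h2p_hvif_buffer {
     uint8*  buffer;
     size_t  used;
@@ -195,6 +198,8 @@ h2p_read_hvif_input(h2p_hvif_buffer* result, FILE* in)
                 fprintf(stderr,"out of memory\n");
                 return 0;
             }
+
+            result->allocated += SIZE_HVIF_BUFFER_STEP;
         }
 
         result->used += fread(&result->buffer[result->used], sizeof(uint8),
@@ -208,6 +213,23 @@ h2p_read_hvif_input(h2p_hvif_buffer* result, FILE* in)
         }
     }
 
+    if (result->used < 4) {
+        fprintf(stderr, "the hvif data is too small to visably be valid\n");
+        return 0;
+    }
+
+
+    // hvif files have a magic string of "ncif" so we should check for that as
+    // well.
+
+    if (memcmp(result->buffer, kHvifMagic, 4) != 0) {
+        fprintf(stderr, "the input data does not look like hvif because the"
+            " magic string is not 'ncif'; %d, %d, %d, %d\n",
+            result->buffer[0], result->buffer[1], result->buffer[2],
+            result->buffer[3]);
+        return 0;
+    }
+
     return result->used;
 }
 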
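Review bot: The magic length is hard-coded as `4` in both the size guard (new line 216) and the `memcmp` call (new line 225), so the bounds check that protects the compare is not tied to `kHvifMagic`. Writing them as `if (result->used < sizeof(kHvifMagic))` and `memcmp(result->buffer, kHvifMagic, sizeof(kHvifMagic))` keeps the guard and the read in step if the array ever changes. In the second hunk, `result->allocated += SIZE_HVIF_BUFFER_STEP;` is only correct if the realloc above it, which is outside the hunk, grows the buffer by exactly that step; otherwise the `fread` at new line 205 could be given more room than the buffer has, so a comment such as `// must match the realloc growth above; fread below is bounded by it` would help. The message at new line 217 misspells `visibly` as `visably`. The body of h2p_read_hvif_input starts outside these hunks, so the realloc size and the fread count could not be checked here.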