From d515dbdfeba0f3c02deb17dce5ca1f958fc0befb Mon Sep 17 00:00:00 2001 From: Lode Date: Thu, 27 Nov 2014 10:46:43 +0100 Subject: various fixes --- lodepng_util.cpp | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'lodepng_util.cpp') diff --git a/lodepng_util.cpp b/lodepng_util.cpp index 37a6e73..3e59a52 100644 --- a/lodepng_util.cpp +++ b/lodepng_util.cpp @@ -41,7 +41,7 @@ unsigned getChunkInfo(std::vector& names, std::vector& size const std::vector& png) { // Listing chunks is based on the original file, not the decoded png info. - const unsigned char *chunk, *begin, *end; + const unsigned char *chunk, *begin, *end, *next; end = &png.back() + 1; begin = chunk = &png.front() + 8; @@ -56,7 +56,9 @@ unsigned getChunkInfo(std::vector& names, std::vector& size names.push_back(type); sizes.push_back(length); - chunk = lodepng_chunk_next_const(chunk); + next = lodepng_chunk_next_const(chunk); + if (next <= chunk) return 1; // integer overflow + chunk = next; } return 0; } @@ -79,6 +81,7 @@ unsigned getChunks(std::vector names[3], if(name.size() != 4) return 1; next = lodepng_chunk_next_const(chunk); + if (next <= chunk) return 1; // integer overflow if(name == "IHDR") { @@ -123,6 +126,7 @@ unsigned insertChunks(std::vector& png, if(name.size() != 4) return 1; next = lodepng_chunk_next_const(chunk); + if (next <= chunk) return 1; // integer overflow if(name == "PLTE") { @@ -166,7 +170,7 @@ unsigned getFilterTypesInterlaced(std::vector >& filt if(error) return 1; //Read literal data from all IDAT chunks - const unsigned char *chunk, *begin, *end; + const unsigned char *chunk, *begin, *end, *next; end = &png.back() + 1; begin = chunk = &png.front() + 8; @@ -190,7 +194,9 @@ unsigned getFilterTypesInterlaced(std::vector >& filt } } - chunk = lodepng_chunk_next_const(chunk); + next = lodepng_chunk_next_const(chunk); + if (next <= chunk) return 1; // integer overflow + chunk = next; } //Decompress all IDAT data -- cgit v1.2.3
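Review bot: The added `if (next <= chunk) return 1;` in getChunkInfo only detects a pointer that has already wrapped, so a chunk length that overshoots `end` without wrapping (for instance with 64-bit pointers) passes it and is left to the loop condition, which is outside the hunk. Forming a pointer beyond the buffer inside `lodepng_chunk_next_const` is also undefined behaviour in C++, so the comparison is not guaranteed to observe the wrap. Bounding the length against the remaining bytes before advancing covers both cases, e.g. `if ((size_t)(end - chunk) < 12 || length > (size_t)(end - chunk) - 12) return 1;` ahead of the call, where 12 is the length, type and CRC fields. The same applies to the checks added in getChunks, insertChunks and getFilterTypesInterlaced; there the length would have to be read first, and any code that uses the range up to `next` (not visible in these hunks) depends on that bound.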
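Review bot: In getFilterTypesInterlaced, `end = &png.back() + 1;` and `begin = chunk = &png.front() + 8;` assume `png` holds at least the 8-byte signature; on an empty vector `back()` and `front()` are undefined, and on a shorter one `begin` starts past the end of the buffer. Whether the `if(error) return 1;` above already guarantees that size cannot be told from this hunk, but getChunkInfo in the first hunk has the same two lines right after its opening brace with no visible guard. A one-line precondition before taking the pointers, such as `if (png.size() < 8) return 1;`, would cover both functions. The body of getFilterTypesInterlaced starts and ends outside the hunk.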