diff options
| author | Stephan Bergmann <sbergman@redhat.com> | 2014-04-23 17:39:06 +0200 |
|---|---|---|
| committer | Stephan Bergmann <sbergman@redhat.com> | 2014-04-23 17:39:21 +0200 |
| commit | 14873da8c264cb3ca70d945f67c8d2e25add36ff (patch) | |
| tree | 43cf27b4c201f218a31c0ab976bb4c11085ded9b /vcl/source/gdi | |
| parent | d0800e35d492b797968d4dd00b83ace4d9400a92 (diff) | |
Check for short reads
Change-Id: I55b9cec694623a3736a78b11b5fdde7d0edaf199
Diffstat (limited to 'vcl/source/gdi')
| -rw-r--r-- | vcl/source/gdi/dibtools.cxx | 70 |
1 files changed, 57 insertions, 13 deletions
diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx index e67a7cb727f3..2b5ad447c638 100644 --- a/vcl/source/gdi/dibtools.cxx +++ b/vcl/source/gdi/dibtools.cxx @@ -255,7 +255,10 @@ bool ImplReadDIBPalette( SvStream& rIStm, BitmapWriteAccess& rAcc, bool bQuad ) BitmapColor aPalColor; boost::scoped_array<sal_uInt8> pEntries(new sal_uInt8[ nPalSize ]); - rIStm.Read( pEntries.get(), nPalSize ); + if (rIStm.Read( pEntries.get(), nPalSize ) != nPalSize) + { + return false; + } sal_uInt8* pTmpEntry = pEntries.get(); for( sal_uInt16 i = 0; i < nColors; i++ ) @@ -410,7 +413,16 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r // Read data if(bNative) { - rIStm.Read(rAcc.GetBuffer(), rHeader.nHeight * nAlignedWidth); + if (nAlignedWidth + > std::numeric_limits<sal_Size>::max() / rHeader.nHeight) + { + return false; + } + sal_Size n = nAlignedWidth * rHeader.nHeight; + if (rIStm.Read(rAcc.GetBuffer(), n) != n) + { + return false; + } } else { @@ -430,10 +442,14 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r rHeader.nSizeImage = rIStm.remainingSize(); } - sal_uInt8* pBuffer = (sal_uInt8*)rtl_allocateMemory(rHeader.nSizeImage); - rIStm.Read((char*)pBuffer, rHeader.nSizeImage); - ImplDecodeRLE(pBuffer, rHeader, rAcc, RLE_4 == rHeader.nCompression); - rtl_freeMemory(pBuffer); + boost::scoped_ptr<sal_uInt8> pBuffer( + new sal_uInt8[rHeader.nSizeImage]); + if (rIStm.Read((char*)pBuffer.get(), rHeader.nSizeImage) + != rHeader.nSizeImage) + { + return false; + } + ImplDecodeRLE(pBuffer.get(), rHeader, rAcc, RLE_4 == rHeader.nCompression); } else { @@ -454,7 +470,11 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r for( ; nCount--; nY += nI ) { - rIStm.Read( pTmp = pBuf.get(), nAlignedWidth ); + if (rIStm.Read( pTmp = pBuf.get(), nAlignedWidth ) + != nAlignedWidth) + { + return false; + } cTmp = *pTmp++; for( long nX = 0L, nShift = 8L; nX < nWidth; nX++ ) @@ -478,7 +498,11 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r for( ; nCount--; nY += nI ) { - rIStm.Read( pTmp = pBuf.get(), nAlignedWidth ); + if (rIStm.Read( pTmp = pBuf.get(), nAlignedWidth ) + != nAlignedWidth) + { + return false; + } cTmp = *pTmp++; for( long nX = 0L, nShift = 2L; nX < nWidth; nX++ ) @@ -501,7 +525,11 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r for( ; nCount--; nY += nI ) { - rIStm.Read( pTmp = pBuf.get(), nAlignedWidth ); + if (rIStm.Read( pTmp = pBuf.get(), nAlignedWidth ) + != nAlignedWidth) + { + return false; + } for( long nX = 0L; nX < nWidth; nX++ ) rAcc.SetPixelIndex( nY, nX, *pTmp++ ); @@ -517,7 +545,11 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r for( ; nCount--; nY += nI ) { - rIStm.Read( (char*)( pTmp16 = (sal_uInt16*) pBuf.get() ), nAlignedWidth ); + if (rIStm.Read( (char*)( pTmp16 = (sal_uInt16*) pBuf.get() ), nAlignedWidth ) + != nAlignedWidth) + { + return false; + } for( long nX = 0L; nX < nWidth; nX++ ) { @@ -535,7 +567,11 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r for( ; nCount--; nY += nI ) { - rIStm.Read( pTmp = pBuf.get(), nAlignedWidth ); + if (rIStm.Read( pTmp = pBuf.get(), nAlignedWidth ) + != nAlignedWidth) + { + return false; + } for( long nX = 0L; nX < nWidth; nX++ ) { @@ -560,7 +596,11 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r for( ; nCount--; nY += nI ) { - rIStm.Read( (char*)( pTmp32 = (sal_uInt32*) pBuf.get() ), nAlignedWidth ); + if (rIStm.Read( (char*)( pTmp32 = (sal_uInt32*) pBuf.get() ), nAlignedWidth ) + != nAlignedWidth) + { + return false; + } for( long nX = 0L; nX < nWidth; nX++ ) { @@ -575,7 +615,11 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r { for( ; nCount--; nY += nI ) { - rIStm.Read( (char*)( pTmp32 = (sal_uInt32*) pBuf.get() ), nAlignedWidth ); + if (rIStm.Read( (char*)( pTmp32 = (sal_uInt32*) pBuf.get() ), nAlignedWidth ) + != nAlignedWidth) + { + return false; + } for( long nX = 0L; nX < nWidth; nX++ ) { |