From: Fridrich S. <str...@us...> - 2007-12-10 09:58:16
Update of /cvsroot/libwpg/libwpg/src/lib In directory sc8-pr-cvs6.sourceforge.net:/tmp/cvs-serv6891/src/lib Modified Files: WPG1Parser.cpp WPGBitmap.cpp WPGXParser.cpp WPGXParser.h Log Message: trying to be a little bit more defensive in the code. To be really rock solid, this needs a lot a lot of refactoring Index: WPGBitmap.cpp =================================================================== RCS file: /cvsroot/libwpg/libwpg/src/lib/WPGBitmap.cpp,v retrieving revision 1.12 retrieving revision 1.13 diff -u -d -r1.12 -r1.13 --- WPGBitmap.cpp 16 Nov 2007 20:19:26 -0000 1.12 +++ WPGBitmap.cpp 10 Dec 2007 09:58:11 -0000 1.13 @@ -98,7 +98,7 @@ void libwpg::WPGBitmap::generateBase64DIB(libwpg::WPGString& bmp) const { - if (d->height < 0 || d->width < 0) + if (d->height <= 0 || d->width <= 0) return; unsigned tmpPixelSize = (unsigned)(d->height * d->width); Index: WPG1Parser.cpp =================================================================== RCS file: /cvsroot/libwpg/libwpg/src/lib/WPG1Parser.cpp,v retrieving revision 1.34 retrieving revision 1.35 diff -u -d -r1.34 -r1.35 --- WPG1Parser.cpp 8 Oct 2007 20:47:26 -0000 1.34 +++ WPG1Parser.cpp 10 Dec 2007 09:58:11 -0000 1.35 
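Review bot: In generateBase64DIB the product `d->height * d->width` on the line after the tightened guard is still evaluated in the operands' own type before the cast to unsigned, so two large positive dimensions can overflow and leave `tmpPixelSize` far smaller than the image the rest of the function describes. The new `<= 0` test rejects empty bitmaps but puts no upper bound on either value. Assuming both members are int, a division-based guard such as `if (d->width > INT_MAX / d->height) return;` placed after the existing check would reject those inputs before the multiplication (INT_MAX comes from <climits>). The function body continues outside the hunk, so how tmpPixelSize is used afterwards cannot be confirmed from here.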
@@ -453,20 +453,24 @@ // NOTE: delete the buffer by yourself! unsigned char* WPG1Parser::decodeRLE(int width, int height, int depth) { + if (depth <= 0 || width <= 0 || height <= 0) + return 0; + // round to the next byte - int scanline_width = (width * depth + 7)/8; - int buffer_size = scanline_width * height; + unsigned scanline_width = (width * depth + 7)/8; + unsigned buffer_size = scanline_width * height; WPG_DEBUG_MSG(("Scanline width: %d\n", scanline_width)); WPG_DEBUG_MSG(("Output size: %d\n", buffer_size)); // buffer for the result unsigned char* buffer = new unsigned char[buffer_size]; + + if (!buffer) + return 0; // pointer to write decoded data unsigned char* ptr = buffer; - // Decode the RLE bitmap buffer - // FIXME check for ptr, it should not go out of bound!! WPG_DEBUG_MSG(("Decoding RLE data\n")); for(; m_input->tell() < m_recordEnd; ) { @@ -479,7 +483,7 @@ unsigned char pixel = (count > 0) ? readU8() : 0xff; if(count == 0) count = (int)readU8(); - for( ; count; --count) + for( ; count && ptr < buffer + buffer_size; --count) *ptr++ = pixel; } else @@ -488,7 +492,7 @@ if(count > 0) { // literal byte copy - for( ; count; --count) + for( ; count && ptr < buffer + buffer_size; --count) *ptr++ = readU8(); } else @@ -496,8 +500,10 @@ // copy entire scan line count = (int)readU8(); unsigned char* raster_source = ptr - scanline_width; + if (!raster_source || raster_source < buffer) + return 0; for( ; count; --count) - for(int r = 0; r < scanline_width; r++) + for(unsigned r = 0; r < scanline_width && ptr < buffer + buffer_size; r++) *ptr++ = raster_source[r]; } } @@ -515,7 +521,7 @@ return; // round to the next byte - int scanline_width = (width * depth + 7)/8; + unsigned scanline_width = (width * depth + 7)/8; // 1-bit image: black and white if(depth == 1) 
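Review bot: The size arithmetic at the top of decodeRLE can still wrap for large positive inputs: `width * depth + 7` is computed in int, and `scanline_width * height` wraps modulo the width of unsigned, so `buffer_size` may come out smaller than the image the callers go on to describe. The new loop bounds keep the decoder inside that allocation, but fillPixels receives the same width, height and depth and, as far as this page shows, has no way to know the buffer is shorter. Rejecting oversized input before allocating closes this, e.g. `if (width > (INT_MAX - 7) / depth) return 0;` ahead of the first line and `if (scanline_width > UINT_MAX / (unsigned)height) return 0;` ahead of the second. Separately, plain `new unsigned char[buffer_size]` reports failure by throwing std::bad_alloc, so the added `if (!buffer)` branch is only reachable if the allocation is written as `new (std::nothrow) unsigned char[buffer_size]`.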
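Review bot: In the scan-line copy branch (the @@ -496 hunk), the added early `return 0` leaks `buffer`, which was allocated with `new[]` earlier in decodeRLE and is owned by this function until it is returned. The check itself is also unreliable: `ptr - scanline_width` is formed before it is tested, and a pointer in front of the start of the array is undefined behaviour, so the `raster_source < buffer` comparison may not hold what it appears to (the `!raster_source` half adds nothing). Comparing offsets avoids both problems: `if ((unsigned)(ptr - buffer) < scanline_width) { delete [] buffer; return 0; }` placed before `raster_source` is computed. The enclosing loop starts in an earlier hunk and the function ends outside this one.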
@@ -582,6 +588,12 @@ hres = 1200; if(vres <= 0) vres = 1200; + if (width < 0) + width = 0; + if (height < 0) + height = 0; + if (depth < 0) + depth = 0; // Bitmap Type 1 does not specify position // Assume on the corner (0,0) @@ -592,10 +604,13 @@ bitmap.rect.y2 = (double)height/(double)vres; unsigned char* buffer = decodeRLE(width, height, depth); - fillPixels(bitmap, buffer, width, height, depth); - delete [] buffer; + if (buffer) + { + fillPixels(bitmap, buffer, width, height, depth); + delete [] buffer; - m_painter->drawBitmap(bitmap); + m_painter->drawBitmap(bitmap); + } } void WPG1Parser::handleBitmapTypeTwo() @@ -632,6 +647,12 @@ hres = 1200; if(vres <= 0) vres = 1200; + if (width < 0) + width = 0; + if (height < 0) + height = 0; + if (depth < 0) + depth = 0; y1 = m_height - y1; y2 = m_height - y2; @@ -649,10 +670,13 @@ bitmap.rect.y2 = (double)(ys2)/1200.0; unsigned char* buffer = decodeRLE(width, height, depth); - fillPixels(bitmap, buffer, width, height, depth); - delete [] buffer; + if (buffer) + { + fillPixels(bitmap, buffer, width, height, depth); + delete [] buffer; - m_painter->drawBitmap(bitmap); + m_painter->drawBitmap(bitmap); + } } void WPG1Parser::resetPalette() Index: WPGXParser.cpp =================================================================== RCS file: /cvsroot/libwpg/libwpg/src/lib/WPGXParser.cpp,v retrieving revision 1.14 retrieving revision 1.15 diff -u -d -r1.14 -r1.15 --- WPGXParser.cpp 16 Nov 2007 20:19:27 -0000 1.14 +++ WPGXParser.cpp 10 Dec 2007 09:58:11 -0000 1.15 @@ -40,10 +40,14 @@ unsigned char WPGXParser::readU8() { + if (!m_input || m_input->atEOS()) + return (unsigned char)0; size_t numBytesRead; unsigned char const * p = m_input->read(sizeof(unsigned char), numBytesRead); - return *(unsigned char const *)(p); + if (p && numBytesRead == 1) + return *(unsigned char const *)(p); + return (unsigned char)0; } unsigned short WPGXParser::readU16() 
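Review bot: The clamps added in handleBitmapTypeOne (and repeated in the @@ -632 hunk for handleBitmapTypeTwo) only normalise negative values; width, height and depth are not bounded from above, and depth is not checked against the bit depths fillPixels implements. Clamping to 0 also relies on decodeRLE's own `<= 0` test to discard the record, after `bitmap.rect` has already been filled in. A single early reject states the intent more directly, for example `if (width <= 0 || height <= 0 || depth <= 0) return;`, extended with whatever maximum dimensions and depth values the format allows. Both functions begin outside their hunks, so where these fields are read from is not visible here.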
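Review bot: In the WPGXParser.cpp hunk, readU8 now returns 0 at end of stream, which callers cannot tell apart from a real zero byte, and the function has no comment saying so. That matters for loops driven by the stream position, such as decodeRLE's `for(; m_input->tell() < m_recordEnd; )`: if a truncated file declares a record end beyond the available data, every read yields 0 and the position may never reach m_recordEnd. I would document the behaviour above the function, e.g. `// Returns 0 when the stream is missing or exhausted; callers that loop on tell() must also test atEOS().`, and add `&& !m_input->atEOS()` to such loop conditions. Whether tell() stops advancing at end of stream depends on the input class, which is not shown on this page.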
@@ -62,28 +66,19 @@ return (unsigned long)(p0|(p1<<8)|(p2<<16)|(p3<<24)); } -char WPGXParser::readS8() +signed char WPGXParser::readS8() { - size_t numBytesRead; - unsigned char const * p = m_input->read(sizeof(unsigned char), numBytesRead); - - return *(signed char const *)(p); + return (signed char)readU8(); } short WPGXParser::readS16() { - short p0 = readU8(); - short p1 = readS8(); - return (short)(p0|(p1<<8)); + return (short)readU16(); } long WPGXParser::readS32() { - long p0 = readU8(); - long p1 = readU8(); - long p2 = readU8(); - long p3 = readS8(); - return (long)(p0|(p1<<8)|(p2<<16)|(p3<<24)); + return (long)readU32(); } unsigned int WPGXParser::readVariableLengthInteger() Index: WPGXParser.h =================================================================== RCS file: /cvsroot/libwpg/libwpg/src/lib/WPGXParser.h,v retrieving revision 1.13 retrieving revision 1.14 diff -u -d -r1.13 -r1.14 --- WPGXParser.h 19 Oct 2007 19:09:09 -0000 1.13 +++ WPGXParser.h 10 Dec 2007 09:58:11 -0000 1.14 @@ -45,7 +45,7 @@ unsigned char readU8(); unsigned short readU16(); unsigned long readU32(); - char readS8(); + signed char readS8(); short readS16(); long readS32(); unsigned int readVariableLengthInteger(); |
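Review bot: The new readS32 body `return (long)readU32();` loses the sign where long is wider than 32 bits: readU32 returns an unsigned long, so a field with the top bit set would arrive as a large positive number unless readU32's intermediate arithmetic happens to sign-extend (its operand declarations are outside the hunk). The removed version sign-extended explicitly through readS8, and the `< 0` checks added elsewhere in this commit depend on negative values staying negative. Narrowing to a 32-bit signed type first restores that, e.g. `return (long)(int)readU32();` on platforms where int is 32 bits. readS16 is not affected as long as short is 16 bits, since the cast to short already truncates to the field width.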