summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSam Spilsbury <smspillaz@smspillaz-desktop.(none)>2010-04-04 09:58:00 +0800
committerSam Spilsbury <smspillaz@smspillaz-desktop.(none)>2010-04-04 09:58:00 +0800
commit44f71ba6d6ed19f507a55ea676db7801f94f631a (patch)
tree160d5ffc33424479a0a63714648ebd83fa21d799
parent0e71b1e2d3f12a24b5dba188b4f7b10b196c0073 (diff)
downloadzcomp-44f71ba6d6ed19f507a55ea676db7801f94f631a.tar.gz
zcomp-44f71ba6d6ed19f507a55ea676db7801f94f631a.tar.bz2
Correctly handle weird icon sizes.
iw * ih may overflow the value range of unsigned long if iw and ih are large enough, so check the single values as well. Forward port of 1bed3dbcea6473f84745ec7a1f936c4f5d3b3a01 to master
-rw-r--r--src/window.cpp14
1 files changed, 11 insertions, 3 deletions
diff --git a/src/window.cpp b/src/window.cpp
index eb5243f..19f36a0 100644
--- a/src/window.cpp
+++ b/src/window.cpp
@@ -4066,7 +4066,8 @@ CompWindow::getIcon (int width,
{
CARD32 *p;
CARD32 alpha, red, green, blue;
- int iw, ih, j;
+ int iw, ih;
+ unsigned long j;
for (i = 0; i + 2 < n; i += iw * ih + 2)
{
@@ -4075,7 +4076,13 @@ CompWindow::getIcon (int width,
iw = idata[i];
ih = idata[i + 1];
- if (iw * ih + 2 > (int) (n - i))
+ /* iw * ih may be larger than the value range of unsigned
+ * long, so better do some checking for extremely weird
+ * icon sizes first */
+ if ((unsigned int) iw > 2048 || (unsigned int)
+ ih > 2048 || (unsigned int) iw *
+ (unsigned int) ih + 2 > (unsigned int) n -
+ (unsigned int) i)
break;
if (iw && ih)
@@ -4091,7 +4098,8 @@ CompWindow::getIcon (int width,
/* EWMH doesn't say if icon data is premultiplied or
not but most applications seem to assume data should
be unpremultiplied. */
- for (j = 0; j < iw * ih; j++)
+ for (j = 0; j < (unsigned int) iw *
+ (unsigned int) ih; j++)
{
alpha = (idata[i + j + 2] >> 24) & 0xff;
red = (idata[i + j + 2] >> 16) & 0xff;