diff options
| author | Sam Spilsbury <smspillaz@smspillaz-desktop.(none)> | 2010-04-04 09:58:00 +0800 |
|---|---|---|
| committer | Sam Spilsbury <smspillaz@smspillaz-desktop.(none)> | 2010-04-04 09:58:00 +0800 |
| commit | 44f71ba6d6ed19f507a55ea676db7801f94f631a (patch) | |
| tree | 160d5ffc33424479a0a63714648ebd83fa21d799 /src | |
| parent | 0e71b1e2d3f12a24b5dba188b4f7b10b196c0073 (diff) | |
| download | zcomp-44f71ba6d6ed19f507a55ea676db7801f94f631a.tar.gz zcomp-44f71ba6d6ed19f507a55ea676db7801f94f631a.tar.bz2 | |
Correctly handle weird icon sizes.
iw * ih may overflow the value range of unsigned long if iw and ih are
large enough, so check the single values as well.
Forward port of 1bed3dbcea6473f84745ec7a1f936c4f5d3b3a01 to master
Diffstat (limited to 'src')
| -rw-r--r-- | src/window.cpp | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/window.cpp b/src/window.cpp index eb5243f..19f36a0 100644 --- a/src/window.cpp +++ b/src/window.cpp @@ -4066,7 +4066,8 @@ CompWindow::getIcon (int width, { CARD32 *p; CARD32 alpha, red, green, blue; - int iw, ih, j; + int iw, ih; + unsigned long j; for (i = 0; i + 2 < n; i += iw * ih + 2) { @@ -4075,7 +4076,13 @@ CompWindow::getIcon (int width, iw = idata[i]; ih = idata[i + 1]; - if (iw * ih + 2 > (int) (n - i)) + /* iw * ih may be larger than the value range of unsigned + * long, so better do some checking for extremely weird + * icon sizes first */ + if ((unsigned int) iw > 2048 || (unsigned int) + ih > 2048 || (unsigned int) iw * + (unsigned int) ih + 2 > (unsigned int) n - + (unsigned int) i) break; if (iw && ih) @@ -4091,7 +4098,8 @@ CompWindow::getIcon (int width, /* EWMH doesn't say if icon data is premultiplied or not but most applications seem to assume data should be unpremultiplied. */ - for (j = 0; j < iw * ih; j++) + for (j = 0; j < (unsigned int) iw * + (unsigned int) ih; j++) { alpha = (idata[i + j + 2] >> 24) & 0xff; red = (idata[i + j + 2] >> 16) & 0xff; |