fix stack buffer overflow if icon pic is broken

Jacek Jendrzej
2019-03-09 20:09:28 +01:00
parent c3d1af3171
commit 41963aca29
2 changed files with 12 additions and 5 deletions


@@ -816,15 +816,15 @@ bool CFrameBuffer::paintIcon8(const std::string & filename, const int x, const i
bool CFrameBuffer::paintIcon(const std::string & filename, const int x, const int y, bool CFrameBuffer::paintIcon(const std::string & filename, const int x, const int y,
const int h, const unsigned char offset, bool paint, bool paintBg, const fb_pixel_t colBg) const int h, const unsigned char offset, bool paint, bool paintBg, const fb_pixel_t colBg)
{ {
if (!getActive())
return false;
struct rawHeader header; struct rawHeader header;
int width, height; int width = 0, height = 0;
fb_pixel_t * data; fb_pixel_t * data;
struct rawIcon tmpIcon; struct rawIcon tmpIcon;
std::map<std::string, rawIcon>::iterator it; std::map<std::string, rawIcon>::iterator it;
if (!getActive())
return false;
int yy = y; int yy = y;
bool freeicondata = false; bool freeicondata = false;
//printf("CFrameBuffer::paintIcon: load %s\n", filename.c_str());fflush(stdout); //printf("CFrameBuffer::paintIcon: load %s\n", filename.c_str());fflush(stdout);
@@ -836,6 +836,9 @@ bool CFrameBuffer::paintIcon(const std::string & filename, const int x, const in
//printf("CFrameBuffer::paintIcon: check for %s\n", newname.c_str());fflush(stdout); //printf("CFrameBuffer::paintIcon: check for %s\n", newname.c_str());fflush(stdout);
data = g_PicViewer->getIcon(newname, &width, &height); data = g_PicViewer->getIcon(newname, &width, &height);
if (width < 1 || height < 1){
return false;
}
if(data) { //TODO: intercepting of possible full icon cache, that could cause strange behavior while painting of uncached icons if(data) { //TODO: intercepting of possible full icon cache, that could cause strange behavior while painting of uncached icons
int dsize = width*height*sizeof(fb_pixel_t); int dsize = width*height*sizeof(fb_pixel_t);
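Review bot: The guard added in the second hunk bounds `width` and `height` only from below, so `int dsize = width*height*sizeof(fb_pixel_t);` directly after it can still wrap or truncate when a damaged icon reports very large dimensions; `width*height` is an `int` multiplication and the result is stored in an `int`. The same applies to `size_t bufsize = x * y * 4;` in CPictureViewer::int_getImage, where `fh_getsize` is called with `INT_MAX` limits and the wrapped value is what `checkfreemem` would then see. I would add an upper bound to both checks, e.g. `if (width < 1 || height < 1 || width > INT_MAX / (int)sizeof(fb_pixel_t) / height) return false;`, and do the size arithmetic in `size_t`. paintIcon's body continues outside the hunk, so how `dsize` is consumed is not visible here.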


@@ -783,7 +783,7 @@ fb_pixel_t * CPictureViewer::int_getImage(const std::string & name, int *width,
if (access(name.c_str(), R_OK) == -1) if (access(name.c_str(), R_OK) == -1)
return NULL; return NULL;
int x, y, load_ret, bpp = 0; int x = 0, y = 0, load_ret = 0, bpp = 0;
CFormathandler *fh = NULL; CFormathandler *fh = NULL;
unsigned char * buffer = NULL; unsigned char * buffer = NULL;
fb_pixel_t * ret = NULL; fb_pixel_t * ret = NULL;
@@ -795,6 +795,10 @@ fb_pixel_t * CPictureViewer::int_getImage(const std::string & name, int *width,
mode_str = "getIcon"; mode_str = "getIcon";
fh = fh_getsize(name.c_str(), &x, &y, INT_MAX, INT_MAX); fh = fh_getsize(name.c_str(), &x, &y, INT_MAX, INT_MAX);
if (x < 1 || y < 1){
return NULL;
}
size_t bufsize = x * y * 4; size_t bufsize = x * y * 4;
if (!checkfreemem(bufsize)) if (!checkfreemem(bufsize))
return NULL; return NULL;
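Review bot: The added `if (x < 1 || y < 1)` check after `fh_getsize` catches a failed probe only because `x` and `y` now start at 0, and only if a failing format handler leaves them untouched; the returned `fh` itself is not tested in the visible lines. Making that explicit is cheap: `if (!fh || x < 1 || y < 1) return NULL;`. A short comment such as `// damaged or unsupported file: no usable dimensions` would record why the function bails out here, and it is worth confirming that nothing allocated between the two hunks is skipped by this early return. int_getImage continues past the end of the hunk, so a later `fh` check may already exist.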