diff options
| author | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2010-11-09 02:48:22 +0000 |
|---|---|---|
| committer | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2010-11-09 02:48:22 +0000 |
| commit | 9c4a88f019b9ff63c4c767e97b31002369b899f8 (patch) | |
| tree | cf3d203bd608a7b21b99854fea49e53dd9dbc7a4 /converter/other/bmptopnm.c | |
| parent | 89477b37e4b679da49c9c578fdbb7690211f06a8 (diff) | |
| download | netpbm-mirror-9c4a88f019b9ff63c4c767e97b31002369b899f8.tar.gz netpbm-mirror-9c4a88f019b9ff63c4c767e97b31002369b899f8.tar.xz netpbm-mirror-9c4a88f019b9ff63c4c767e97b31002369b899f8.zip | |
Fix crash on large invalid value of ColorsUsed in BMP header
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@1363 9d0c8265-081b-0410-96cb-a4ca84ce46f8
Diffstat (limited to 'converter/other/bmptopnm.c')
| -rw-r--r-- | converter/other/bmptopnm.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/converter/other/bmptopnm.c b/converter/other/bmptopnm.c index bf16056b..75d73428 100644 --- a/converter/other/bmptopnm.c +++ b/converter/other/bmptopnm.c @@ -95,8 +95,11 @@ struct bmpInfoHeader { described by the "mask" values in the header, rather than fixed formats. */ - int cmapsize; - /* Size in bytes of the colormap (palette) in the BMP file */ + unsigned int cmapsize; + /* Size in bytes of the colormap (palette) in the BMP file. + + Zero means there is no colormap. + */ unsigned int imageSize; /* Size in bytes of the image data. We only reference this when the image is compressed. */ @@ -390,7 +393,7 @@ readWindowsBasic40ByteInfoHeader(FILE * const ifP, GetLong(ifP); /* YpixelsPerMeter */ colorsused = GetLong(ifP); /* ColorsUsed */ /* See comments in bmp.h for info about the definition of the following - word and its relationship to the color map size (*pcmapsize). + word and its relationship to the color map size (headerP->cmapsize). */ colorsimportant = GetLong(ifP); /* ColorsImportant */ @@ -623,7 +626,7 @@ static void BMPreadcolormap(FILE * const ifP, int const class, xel ** const colormapP, - int const cmapsize, + unsigned int const cmapsize, unsigned int * const bytesReadP) { /*---------------------------------------------------------------------------- Read the color map from the present position in the input BMP file @@ -638,7 +641,7 @@ BMPreadcolormap(FILE * const ifP, 'class' is the class of BMP image - Windows or OS/2. -----------------------------------------------------------------------------*/ - int i; + unsigned int i; xel * colormap; unsigned int bytesRead; @@ -1178,7 +1181,7 @@ reportHeader(struct bmpInfoHeader const header, header.compression == COMP_JPEG ? "JPEG (not supported)" : header.compression == COMP_PNG ? "PNG (not supported)" : "???"); - pm_message(" Colors in color map: %d", header.cmapsize); + pm_message(" Colors in color map: %u", header.cmapsize); } |