From 508e987d5637c5136e1deb82aeb6de8530e9af98 Mon Sep 17 00:00:00 2001 From: giraffedata Date: Sun, 7 Jun 2020 18:51:05 +0000 Subject: Fix handling of non-terminated string in input image git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@3842 9d0c8265-081b-0410-96cb-a4ca84ce46f8 --- converter/ppm/xim.h | 6 +++--- converter/ppm/ximtoppm.c | 39 ++++++++++++--------------------------- 2 files changed, 15 insertions(+), 30 deletions(-) (limited to 'converter') diff --git a/converter/ppm/xim.h b/converter/ppm/xim.h index ff21203f..116312bb 100644 --- a/converter/ppm/xim.h +++ b/converter/ppm/xim.h @@ -63,9 +63,9 @@ typedef struct XimImage { short tpics, npics; /* number of images, total & left in file */ short ncolors; /* " " colors in the color table */ Color* colors; /* colortable, one byte per r/g/b & pixel */ - char* author; /* author credit, copyright, etc */ - char* date; /* date image was made, grabbed, etc. */ - char* program; /* program used to make this */ + const char* author; /* author credit, copyright, etc */ + const char* date; /* date image was made, grabbed, etc. */ + const char* program; /* program used to make this */ short ncomments; /* number of comments strings */ char** comments; /* pointers to null terminated strings */ char* offset; /* original offset in machine memory */ diff --git a/converter/ppm/ximtoppm.c b/converter/ppm/ximtoppm.c index 6cd470e9..d844031c 100644 --- a/converter/ppm/ximtoppm.c +++ b/converter/ppm/ximtoppm.c @@ -102,6 +102,11 @@ ReadXimHeader(FILE * const in_fp, pm_message("ReadXimHeader: unable to read file header" ); return(0); } + /* Force broken ASCIIZ strings to at least be valid ASCIIZ */ + a_head.author [sizeof(a_head.author) - 1] = '\0'; + a_head.date [sizeof(a_head.date) - 1] = '\0'; + a_head.program[sizeof(a_head.program) - 1] = '\0'; + if (atoi(a_head.header_size) != sizeof(ImageHeader)) { pm_message("ReadXimHeader: header size mismatch" ); return(0); @@ -115,35 +120,15 @@ ReadXimHeader(FILE * const in_fp, header->ncolors = atoi(a_head.num_colors); header->nchannels = atoi(a_head.num_channels); header->bytes_per_line = atoi(a_head.bytes_per_line); -/* header->npics = atoi(a_head.num_pictures); */ +#if 0 + header->npics = atoi(a_head.num_pictures); +#endif header->bits_channel = atoi(a_head.bits_per_channel); header->alpha_flag = atoi(a_head.alpha_channel); - if (strlen(a_head.author)) { - if (!(header->author = calloc((unsigned int)strlen(a_head.author)+1, - 1))) { - pm_message("ReadXimHeader: can't calloc author string" ); - return(0); - } - header->width = atoi(a_head.image_width); - strncpy(header->author, a_head.author, strlen(a_head.author)); - } - if (strlen(a_head.date)) { - if (!(header->date =calloc((unsigned int)strlen(a_head.date)+1,1))){ - pm_message("ReadXimHeader: can't calloc date string" ); - return(0); - } - header->width = atoi(a_head.image_width); - strncpy(header->date, a_head.date, strlen(a_head.date)); - } - if (strlen(a_head.program)) { - if (!(header->program = calloc( - (unsigned int)strlen(a_head.program) + 1, 1))) { - pm_message("ReadXimHeader: can't calloc program string" ); - return(0); - } - header->width = atoi(a_head.image_width); - strncpy(header->program, a_head.program,strlen(a_head.program)); - } + pm_asprintf(&header->author, a_head.author); + pm_asprintf(&header->date, a_head.date); + pm_asprintf(&header->program, a_head.program); + /* Do double checking for backwards compatibility */ if (header->npics == 0) header->npics = 1; -- cgit 1.4.1