From 9c4a88f019b9ff63c4c767e97b31002369b899f8 Mon Sep 17 00:00:00 2001 From: giraffedata Date: Tue, 9 Nov 2010 02:48:22 +0000 Subject: Fix crash on large invalid value of ColorsUsed in BMP header git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@1363 9d0c8265-081b-0410-96cb-a4ca84ce46f8 --- converter/bmp.h | 8 ++++---- converter/other/bmptopnm.c | 15 +++++++++------ 2 files changed, 13 insertions(+), 10 deletions(-) (limited to 'converter') diff --git a/converter/bmp.h b/converter/bmp.h index b22be82f..8b2aa302 100644 --- a/converter/bmp.h +++ b/converter/bmp.h @@ -126,7 +126,7 @@ BMPleninfoheader(enum bmpClass const class) { static __inline__ unsigned int BMPlencolormap(enum bmpClass const class, unsigned int const bitcount, - int const cmapsize) { + unsigned int const cmapsize) { unsigned int lenrgb; unsigned int lencolormap; @@ -141,7 +141,7 @@ BMPlencolormap(enum bmpClass const class, case C_OS2: lenrgb = 3; break; } - if (cmapsize < 0) + if (!cmapsize) lencolormap = (1 << bitcount) * lenrgb; else lencolormap = cmapsize * lenrgb; @@ -216,7 +216,7 @@ BMPoffbits(enum bmpClass const class, static __inline__ unsigned int BMPlenfileGen(enum bmpClass const class, unsigned int const bitcount, - int const cmapsize, + unsigned int const cmapsize, unsigned int const x, unsigned int const y, unsigned int const imageSize, @@ -244,7 +244,7 @@ BMPlenfileGen(enum bmpClass const class, static __inline__ unsigned int BMPlenfile(enum bmpClass const class, unsigned int const bitcount, - int const cmapsize, + unsigned int const cmapsize, unsigned int const x, unsigned int const y) { /*---------------------------------------------------------------------------- diff --git a/converter/other/bmptopnm.c b/converter/other/bmptopnm.c index bf16056b..75d73428 100644 --- a/converter/other/bmptopnm.c +++ b/converter/other/bmptopnm.c @@ -95,8 +95,11 @@ struct bmpInfoHeader { described by the "mask" values in the header, rather than fixed formats. */ - int cmapsize; - /* Size in bytes of the colormap (palette) in the BMP file */ + unsigned int cmapsize; + /* Size in bytes of the colormap (palette) in the BMP file. + + Zero means there is no colormap. + */ unsigned int imageSize; /* Size in bytes of the image data. We only reference this when the image is compressed. */ @@ -390,7 +393,7 @@ readWindowsBasic40ByteInfoHeader(FILE * const ifP, GetLong(ifP); /* YpixelsPerMeter */ colorsused = GetLong(ifP); /* ColorsUsed */ /* See comments in bmp.h for info about the definition of the following - word and its relationship to the color map size (*pcmapsize). + word and its relationship to the color map size (headerP->cmapsize). */ colorsimportant = GetLong(ifP); /* ColorsImportant */ @@ -623,7 +626,7 @@ static void BMPreadcolormap(FILE * const ifP, int const class, xel ** const colormapP, - int const cmapsize, + unsigned int const cmapsize, unsigned int * const bytesReadP) { /*---------------------------------------------------------------------------- Read the color map from the present position in the input BMP file @@ -638,7 +641,7 @@ BMPreadcolormap(FILE * const ifP, 'class' is the class of BMP image - Windows or OS/2. -----------------------------------------------------------------------------*/ - int i; + unsigned int i; xel * colormap; unsigned int bytesRead; @@ -1178,7 +1181,7 @@ reportHeader(struct bmpInfoHeader const header, header.compression == COMP_JPEG ? "JPEG (not supported)" : header.compression == COMP_PNG ? "PNG (not supported)" : "???"); - pm_message(" Colors in color map: %d", header.cmapsize); + pm_message(" Colors in color map: %u", header.cmapsize); } -- cgit 1.4.1