diff options
| author | nyamatongwe <devnull@localhost> | 2004-03-04 09:28:06 +0000 |
|---|---|---|
| committer | nyamatongwe <devnull@localhost> | 2004-03-04 09:28:06 +0000 |
| commit | a11744bf524da19d5627aca61b129569e8131d76 (patch) | |
| tree | 90161e1785cc25aa39cdbaee7485a6da9896bc1b | |
| parent | 64a7404e1b5330c14135220c33ed7c397f07c0ad (diff) | |
| download | scintilla-mirror-a11744bf524da19d5627aca61b129569e8131d76.tar.gz | |
Patch from Philippe to make decoding safer.
| -rw-r--r-- | src/XPM.cxx | 27 |
1 files changed, 23 insertions, 4 deletions
diff --git a/src/XPM.cxx b/src/XPM.cxx index e693736a2..d3bbb4dcc 100644 --- a/src/XPM.cxx +++ b/src/XPM.cxx @@ -13,6 +13,10 @@ #include "XPM.h" static const char *NextField(const char *s) { + // In case there are leading spaces in the string + while (*s && *s == ' ') { + s++; + } while (*s && *s != ' ') { s++; } @@ -70,8 +74,10 @@ void XPM::Init(const char *textForm) { if ((0 == memcmp(textForm, "/* X", 4)) && (0 == memcmp(textForm, "/* XPM */", 9))) { // Build the lines form out of the text form const char **linesForm = LinesFormFromTextForm(textForm); - Init(linesForm); - delete []linesForm; + if (linesForm != 0) { + Init(linesForm); + delete []linesForm; + } } else { // It is really in line form Init(reinterpret_cast<const char * const *>(textForm)); @@ -190,9 +196,11 @@ const char **XPM::LinesFormFromTextForm(const char *textForm) { const char **linesForm = 0; int countQuotes = 0; int strings=1; - for (int j=0; countQuotes < (2*strings); j++) { + int j=0; + for (; countQuotes < (2*strings) && textForm[j] != '\0'; j++) { if (textForm[j] == '\"') { if (countQuotes == 0) { + // First field: width, height, number of colors, chars per pixel const char *line0 = textForm + j + 1; // Skip width line0 = NextField(line0); @@ -202,13 +210,24 @@ const char **XPM::LinesFormFromTextForm(const char *textForm) { // Add 1 line for each colour strings += atoi(line0); linesForm = new const char *[strings]; + if (linesForm == 0) { + break; // Memory error! + } + } + if (countQuotes / 2 >= strings) { + break; // Bad height or number of colors! } - if (linesForm && ((countQuotes & 1) == 0)) { + if ((countQuotes & 1) == 0) { linesForm[countQuotes / 2] = textForm + j + 1; } countQuotes++; } } + if (textForm[j] == '\0' || countQuotes / 2 > strings) { + // Malformed XPM! Height + number of colors too high or too low + delete []linesForm; + linesForm = 0; + } return linesForm; } |