From 69eb11b847e475e1f9cee55da55c5018f6a9cc59 Mon Sep 17 00:00:00 2001 From: Curtis McEnroe Date: Sun, 28 Oct 2018 21:53:53 -0400 Subject: Prevent buffer overflows in pngo --- bin/pngo.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'bin') diff --git a/bin/pngo.c b/bin/pngo.c index 6835642d..52222efd 100644 --- a/bin/pngo.c +++ b/bin/pngo.c @@ -110,8 +110,12 @@ static void skipChunk(struct Chunk chunk) { if (!(chunk.type[0] & 0x20)) { errx(EX_CONFIG, "%s: unsupported critical chunk %s", path, typeStr(chunk)); } - uint8_t discard[chunk.size]; - readExpect(discard, sizeof(discard), "chunk data"); + uint8_t discard[4096]; + while (chunk.size > sizeof(discard)) { + readExpect(discard, sizeof(discard), "chunk data"); + chunk.size -= sizeof(discard); + } + if (chunk.size) readExpect(discard, chunk.size, "chunk data"); readCrc(); } @@ -307,6 +311,10 @@ static void readPalette(struct Chunk chunk) { } palette.len = chunk.size / 3; + if (palette.len > 256) { + errx(EX_DATAERR, "%s: PLTE length %u > 256", path, palette.len); + } + readExpect(palette.entries, chunk.size, "palette data"); readCrc(); @@ -323,6 +331,9 @@ static void writePalette(void) { static void readTrans(struct Chunk chunk) { trans.len = chunk.size; + if (trans.len > 256) { + errx(EX_DATAERR, "%s: tRNS length %u > 256", path, trans.len); + } readExpect(trans.alpha, chunk.size, "transparency alpha"); readCrc(); if (verbose) fprintf(stderr, "%s: transparency length %u\n", path, trans.len); -- cgit 1.4.1 name='id' value='88aebda7ca4f4d2a55c26fc9ca6aeecfaf8d627e'/>
path: root/port/caesar/caesar.6 (unfollow)
Commit message (Expand)Author
2019-07-06Remove redundant includeJune McEnroe
2019-07-06Add CSS output to schemeJune McEnroe
2019-07-01Add diff syntax to hiJune McEnroe
2019-07-01Use env.sh as 1sh todo listJune McEnroe
2019-06-29Clean up 1sh prompt settingJune McEnroe
2019-06-29Add Parable of the TalentsJune McEnroe
2019-06-28Rename catsh to 1shJune McEnroe
2019-06-28Set HISTSIZE in catshJune McEnroe
2019-06-28Unset iflag when exiting catshJune McEnroe
2019-06-24Consolidate catsh history documentationJune McEnroe
2019-06-19Set LESS=FRXJune McEnroe
2019-06-16Alias date=ddateJune McEnroe
2019-06-15Set sensitivity by slot in TF2June McEnroe
2019-06-15Add AcceptanceJune McEnroe
2019-06-07Add variables to bitJune McEnroe
2019-06-05Add A Closed and Common OrbitJune McEnroe
2019-06-02Add RebornJune McEnroe
2019-05-30Add bit to bin.7June McEnroe
2019-05-30Simplify and build bitJune McEnroe
2019-05-29Add xx -p optionJune McEnroe
2019-05-27Add FrontierJune McEnroe
2019-05-27Break nicks with ZWNJJune McEnroe
2019-05-26Add DawnJune McEnroe
2019-05-20Declare vasprintf(3) for GNUJune McEnroe
2019-05-20Fix comparison warning in ttpreJune McEnroe
2019-05-20Add AuthorityJune McEnroe
2019-05-19Specify precedence of unary versions of operatorsJune McEnroe
2019-05-18Add compound assignment operators to orderJune McEnroe
2019-05-15Support simple assignment in orderJune McEnroe
2019-05-15Implement sizeof in orderJune McEnroe
2019-05-15Add orderJune McEnroe
2019-05-12Add T suffix in bitJune McEnroe
2019-05-10Highlight yacc and lex files as CJune McEnroe
2019-05-10Use val instead of suboptargJune McEnroe
2019-05-09Add Parable of the SowerJune McEnroe
2019-05-07Add bit without buildJune McEnroe
2019-05-04Fix MANDIR typoJune McEnroe
2019-05-04Move relay to binJune McEnroe