From aa9c5657224df094641b2c6c29326c41ffa8c9e0 Mon Sep 17 00:00:00 2001 From: Dheeraj Date: Thu, 21 Mar 2019 18:01:43 +0530 Subject: [PATCH] Add checks for processing gif. Fixes #81. Fixes #82. Some checks are added so that program exits gracefully. These checks are added according to the gifs given by @ocean1. Some other corrupted gif may crash at some other part of the code. Return type of flush_tile() function is changed to int. --- .gitignore | 1 + cupsfilters/image-gif.c | 15 ++++++++++++--- cupsfilters/image.c | 23 ++++++++++++++++------- 3 files changed, 29 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index 87292cf94..53be45946 100644 --- a/.gitignore +++ b/.gitignore @@ -96,3 +96,4 @@ testdither testimage testrgb ttfread +.vscode/ diff --git a/cupsfilters/image-gif.c b/cupsfilters/image-gif.c index 53cd86a52..c225dc709 100644 --- a/cupsfilters/image-gif.c +++ b/cupsfilters/image-gif.c @@ -126,7 +126,13 @@ _cupsImageReadGIF( transparent = buf[3]; } - while (gif_get_block(fp, buf) != 0); + while (gif_get_block(fp, buf) != 0) + { + if(gif_eof) + { + return (-1); + } + } break; case ',' : /* cupsImage data */ @@ -487,8 +493,11 @@ gif_read_image(FILE *fp, /* I - Input file */ temp += bpp; if (xpos == img->xsize) { - _cupsImagePutRow(img, 0, ypos, img->xsize, pixels); - + int res = _cupsImagePutRow(img, 0, ypos, img->xsize, pixels); + if(res) + { + return (-1); + } xpos = 0; temp = pixels; diff --git a/cupsfilters/image.c b/cupsfilters/image.c index 1eb12f2f1..ac96541be 100644 --- a/cupsfilters/image.c +++ b/cupsfilters/image.c @@ -39,7 +39,7 @@ * Local functions... */ -static void flush_tile(cups_image_t *img); +static int flush_tile(cups_image_t *img); static cups_ib_t *get_tile(cups_image_t *img, int x, int y); @@ -614,7 +614,7 @@ cupsImageSetMaxTiles( * 'flush_tile()' - Flush the least-recently-used tile in the cache. */ -static void +static int flush_tile(cups_image_t *img) /* I - Image */ { int bpp; /* Bytes per pixel */ @@ -622,12 +622,16 @@ flush_tile(cups_image_t *img) /* I - Image */ bpp = cupsImageGetDepth(img); + if(img==NULL||img->first==NULL||img->first->tile==NULL) + { + return -1; + } tile = img->first->tile; if (!tile->dirty) { tile->ic = NULL; - return; + return 0; } if (img->cachefile < 0) @@ -637,7 +641,7 @@ flush_tile(cups_image_t *img) /* I - Image */ { tile->ic = NULL; tile->dirty = 0; - return; + return 0; } DEBUG_printf(("Created swap file \"%s\"...\n", img->cachename)); @@ -649,7 +653,7 @@ flush_tile(cups_image_t *img) /* I - Image */ { tile->ic = NULL; tile->dirty = 0; - return; + return 0; } } else @@ -658,7 +662,7 @@ flush_tile(cups_image_t *img) /* I - Image */ { tile->ic = NULL; tile->dirty = 0; - return; + return 0; } } @@ -668,6 +672,7 @@ flush_tile(cups_image_t *img) /* I - Image */ tile->ic = NULL; tile->dirty = 0; + return 0; } @@ -743,7 +748,11 @@ get_tile(cups_image_t *img, /* I - Image */ { DEBUG_printf(("Flushing old cache tile (%p)...\n", img->first)); - flush_tile(img); + int res = flush_tile(img); + if(res) + { + return NULL; + } ic = img->first; } -- 2.47.2