third_party/exiv2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

#537: Check PNG chunk length.

Browse Source
This commit is contained in:
Andreas Huggel 2008-01-08 15:44:14 +00:00
parent 9d33fd206c
commit b75fc593f0
1 changed files with 21 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/pngchunk.cpp
View File

@ -70,6 +70,13 @@ PNG tags : http://www.sno.phy.queensu.ca/~phil/exiftool/TagNames/PN
*/
// *****************************************************************************
// local declarations
namespace {
// Return the checked length of a PNG chunk
long chunkLength(const Exiv2::byte* pData, long index);
}
// *****************************************************************************
// class member definitions
namespace Exiv2 {
@ -83,7 +90,7 @@ namespace Exiv2 {
// look for a tEXt chunk
long index = 8;
index += getLong(&pData[index], bigEndian) + PNG_CHUNK_HEADER_SIZE;
index += chunkLength(pData, index) + PNG_CHUNK_HEADER_SIZE;
while(index < size-PNG_CHUNK_HEADER_SIZE)
{
@ -95,7 +102,7 @@ namespace Exiv2 {
if (!strncmp((char*)PNG_CHUNK_TYPE(pData, index), "IEND", 4))
throw Error(14);
index += getLong(&pData[index], bigEndian) + PNG_CHUNK_HEADER_SIZE;
index += chunkLength(pData, index) + PNG_CHUNK_HEADER_SIZE;
}
if (index < size-PNG_CHUNK_HEADER_SIZE)
@ -123,7 +130,7 @@ namespace Exiv2 {
parseChunkContent(pImage, key, arr);
index += getLong(&pData[index], bigEndian) + PNG_CHUNK_HEADER_SIZE;
index += chunkLength(pData, index) + PNG_CHUNK_HEADER_SIZE;
}
}
@ -692,3 +699,14 @@ namespace Exiv2 {
*/
} // namespace Exiv2
// *****************************************************************************
// local definitions
namespace {
long chunkLength(const Exiv2::byte* pData, long index)
{
uint32_t length = Exiv2::getULong(&pData[index], Exiv2::bigEndian);
if (length > 0x7FFFFFFF) throw Exiv2::Error(14);
return static_cast<long>(length);
}
}