summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHermet Park <hermetpark@gmail.com>2019-04-23 19:04:21 +0900
committerHermet Park <hermetpark@gmail.com>2019-04-23 19:19:07 +0900
commit68fe9ec6bf60b4730ad7fdbf2698dc7aa130b94d (patch)
tree1b126c8731a163c191a18ad12f17eb89a6ad00e0
parent7f0e9f9df7474465aed654d3de3c7bf3701a92ee (diff)
evas image: check format more strong way for wbmp.
wbmp format doesn't have any tags for verifying file header, It's easy to pass other format headers if they have the first 1 byte 0x0, This ocassionally brings wrong result (= succeeed loading image), if unknown file format is tried. So, to make it sure, here verify the size of image additionally. if the image size is not expected, It returns fail as the result. This problem is actually happened in this scenario. open any mpeg file with elm_image. elm_image_file_set() will return true though it fails to read data. since wbmp make it pass to succeed. @fix
-rw-r--r--src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c b/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c
index 633afe9567..00e67f3713 100644
--- a/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c
+++ b/src/modules/evas/image_loaders/wbmp/evas_image_load_wbmp.c
@@ -73,6 +73,15 @@ evas_image_load_file_head_wbmp(void *loader_data,
73 position++; /* skipping one byte */ 73 position++; /* skipping one byte */
74 if (read_mb(&w, map, length, &position) < 0) goto bail; 74 if (read_mb(&w, map, length, &position) < 0) goto bail;
75 if (read_mb(&h, map, length, &position) < 0) goto bail; 75 if (read_mb(&h, map, length, &position) < 0) goto bail;
76
77 /* Wbmp header identifier is too weak....
78 Here checks size validation whether it's acutal wbmp or not. */
79 if (((w * h) >> 3) + position != length)
80 {
81 *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT;
82 goto bail;
83 }
84
76 if ((w < 1) || (h < 1) || (w > IMG_MAX_SIZE) || (h > IMG_MAX_SIZE) || 85 if ((w < 1) || (h < 1) || (w > IMG_MAX_SIZE) || (h > IMG_MAX_SIZE) ||
77 IMG_TOO_BIG(w, h)) 86 IMG_TOO_BIG(w, h))
78 { 87 {
@@ -116,11 +125,20 @@ evas_image_load_file_data_wbmp(void *loader_data,
116 if (!map) goto bail; 125 if (!map) goto bail;
117 126
118 if (read_mb(&type, map, length, &position) < 0) goto bail; 127 if (read_mb(&type, map, length, &position) < 0) goto bail;
128
129 if (type != 0)
130 {
131 *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT;
132 goto bail;
133 }
134
119 position++; /* skipping one byte */ 135 position++; /* skipping one byte */
120 if (read_mb(&w, map, length, &position) < 0) goto bail; 136 if (read_mb(&w, map, length, &position) < 0) goto bail;
121 if (read_mb(&h, map, length, &position) < 0) goto bail; 137 if (read_mb(&h, map, length, &position) < 0) goto bail;
122 138
123 if (type != 0) 139 /* Wbmp header identifier is too weak....
140 Here checks size validation whether it's acutal wbmp or not. */
141 if (((w * h) >> 3) + position != length)
124 { 142 {
125 *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT; 143 *error = EVAS_LOAD_ERROR_UNKNOWN_FORMAT;
126 goto bail; 144 goto bail;