Mercurial > hg > dmlib

comparison tools/lib64gfx.c @ 1419:56f643d647b7

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Better fix for the RLE decoding bounds issue, not changing dmDecodeGenericRLE() API.
author Matti Hamalainen <ccr@tnsp.org>
date Sun, 05 Nov 2017 23:27:53 +0200
parents d8a509d72449
children f08c4ace528d
comparison
equal deleted inserted replaced
1418:d8a509d72449 1419:56f643d647b7
304 static int fmtDecodeDrazPaintPacked(DMC64Image *img, const Uint8 *buf, const size_t len, const DMC64ImageFormat *fmt) 304 static int fmtDecodeDrazPaintPacked(DMC64Image *img, const Uint8 *buf, const size_t len, const DMC64ImageFormat *fmt)
305 { 305 {
306 int res; 306 int res;
307 Uint8 *mem = NULL, *end; 307 Uint8 *mem = NULL, *end;
308 308
309 if ((res = dmDecodeGenericRLE(&mem, &end, buf + 0x0e, buf + len, *(buf + 0x0d))) != DMERR_OK) 309 if ((res = dmDecodeGenericRLE(&mem, &end, buf + 0x0e, buf + len - 1, *(buf + 0x0d))) != DMERR_OK)
310 goto out; 310 goto out;
311 311
312 res = dmC64DecodeGenericBMP(img, mem, end - mem + 1, fmt); 312 res = dmC64DecodeGenericBMP(img, mem, end - mem + 1, fmt);
313 313
314 out: 314 out:
375 static int fmtDecodeAmicaPaintPacked(DMC64Image *img, const Uint8 *buf, const size_t len, const DMC64ImageFormat *fmt) 375 static int fmtDecodeAmicaPaintPacked(DMC64Image *img, const Uint8 *buf, const size_t len, const DMC64ImageFormat *fmt)
376 { 376 {
377 int res; 377 int res;
378 Uint8 *mem = NULL, *end; 378 Uint8 *mem = NULL, *end;
379 379
380 if ((res = dmDecodeGenericRLE(&mem, &end, buf, buf + len, 0xC2)) != DMERR_OK) 380 if ((res = dmDecodeGenericRLE(&mem, &end, buf, buf + len - 1, 0xC2)) != DMERR_OK)
381 goto out; 381 goto out;
382 382
383 res = dmC64DecodeGenericBMP(img, mem, end - mem + 1, fmt); 383 res = dmC64DecodeGenericBMP(img, mem, end - mem + 1, fmt);
384 384
385 out: 385 out:
489 static int fmtDecodeFunPaint2Packed(DMC64Image *img, const Uint8 *buf, const size_t len, const DMC64ImageFormat *fmt) 489 static int fmtDecodeFunPaint2Packed(DMC64Image *img, const Uint8 *buf, const size_t len, const DMC64ImageFormat *fmt)
490 { 490 {
491 int res; 491 int res;
492 Uint8 *mem = NULL, *end; 492 Uint8 *mem = NULL, *end;
493 493
494 if ((res = dmDecodeGenericRLE(&mem, &end, buf + FUNPAINT2_HEADER_SIZE, buf + len, *(buf + 15))) != DMERR_OK) 494 if ((res = dmDecodeGenericRLE(&mem, &end, buf + FUNPAINT2_HEADER_SIZE, buf + len - 1, *(buf + 15))) != DMERR_OK)
495 goto out; 495 goto out;
496 496
497 res = dmC64DecodeGenericBMP(img, mem, end - mem + 1, fmt); 497 res = dmC64DecodeGenericBMP(img, mem, end - mem + 1, fmt);
498 498
499 out: 499 out: