[Bf-blender-cvs] SVN commit: /data/svn/bf-blender [56495] trunk/blender/source/blender/imbuf/intern/jpeg.c: Fix for non-terminated reading of JPEG metadata
Sv. Lockal
lockalsash at gmail.com
Sat May 4 23:12:23 CEST 2013
Revision: 56495
http://projects.blender.org/scm/viewvc.php?view=rev&root=bf-blender&revision=56495
Author: lockal
Date: 2013-05-04 21:12:23 +0000 (Sat, 04 May 2013)
Log Message:
-----------
Fix for non-terminated reading of JPEG metadata
This commit prevents Blender reading memory next to non-null-terminated JPEG metadata strings
Modified Paths:
--------------
trunk/blender/source/blender/imbuf/intern/jpeg.c
Modified: trunk/blender/source/blender/imbuf/intern/jpeg.c
===================================================================
--- trunk/blender/source/blender/imbuf/intern/jpeg.c 2013-05-04 13:17:43 UTC (rev 56494)
+++ trunk/blender/source/blender/imbuf/intern/jpeg.c 2013-05-04 21:12:23 UTC (rev 56495)
@@ -371,6 +371,12 @@
goto next_stamp_marker;
/*
+ * JPEG marker strings are not null-terminated,
+ * create a null-terminated copy before going further
+ */
+ str = BLI_strdupn((char *)marker->data, marker->data_length);
+
+ /*
* Because JPEG format don't support the
* pair "key/value" like PNG, we store the
* stampinfo in a single "encode" string:
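Review bot: the result of `BLI_strdupn((char *)marker->data, marker->data_length)` is used without a check, and the next visible use is `strncmp(str, "Blender", 7)`. If the allocator can return NULL on failure, add `if (str == NULL) goto next_stamp_marker;` right after the assignment. The copy is also made for every marker that reaches this point, so every later exit from this block now owns `str` and has to release it. Minor style point: the cast is written `(char *)marker->data` here while the surrounding code uses `(char *) marker->data`.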
@@ -379,7 +385,7 @@
* That is why we need split it to the
* common key/value here.
*/
- if (strncmp((char *) marker->data, "Blender", 7)) {
+ if (strncmp(str, "Blender", 7)) {
/*
* Maybe the file have text that
* we don't know "what it's", in that
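Review bot: in `if (strncmp(str, "Blender", 7))` the prefix length 7 is a magic number tied to the literal, and the test accepts any comment that merely starts with "Blender" as stamp data, which then goes on to `key = strchr(str, ':')`. Consider a named constant for the prefix (with the length derived from it) and writing the comparison as `!= 0` so the "not our marker" branch reads unambiguously.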
@@ -389,12 +395,12 @@
* the information when we write
* it back to disk.
*/
- IMB_metadata_add_field(ibuf, "None", (char *) marker->data);
+ IMB_metadata_add_field(ibuf, "None", str);
ibuf->flags |= IB_metadata;
+ MEM_freeN(str);
goto next_stamp_marker;
}
- str = BLI_strdup((char *) marker->data);
key = strchr(str, ':');
/*
* A little paranoid, but the file maybe
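Review bot: the `MEM_freeN(str)` added before `goto next_stamp_marker` is only safe if `IMB_metadata_add_field(ibuf, "None", str)` copies the value instead of keeping the pointer; a short comment stating that ownership stays with the caller would make this obvious. With the allocation moved above the "Blender" check, the path that continues at `key = strchr(str, ':')` also needs `str` freed on each of its exits, which lie outside the visible context, so please confirm there is no leak or double free there.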