diff options
| author | Andrey Nazarov <skuller@skuller.net> | 2008-03-27 17:55:33 +0000 |
|---|---|---|
| committer | Andrey Nazarov <skuller@skuller.net> | 2008-03-27 17:55:33 +0000 |
| commit | 2077e015e89f899ac54572a81e2a4ee6343cdba9 (patch) | |
| tree | 8b3bc56a5674acc6342f5a70a424cad3954eb9ed | |
| parent | c12abcbe8b5fa0a527a3093d73c31492716b8d18 (diff) | |
Prevent endless loop when reading certain corrupted PNG images.
| -rw-r--r-- | source/r_images.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/source/r_images.c b/source/r_images.c index 9a9fb7a..22e3a8d 100644 --- a/source/r_images.c +++ b/source/r_images.c @@ -924,10 +924,11 @@ static void QDECL png_vfs_read_fn( png_structp png_ptr, png_bytep buf, png_size_ struct pngReadStruct *r = png_get_io_ptr( png_ptr ); if( r->data + size > r->maxp ) { - size = r->maxp - r->data; - } - memcpy( buf, r->data, size ); - r->data += size; + png_error( png_ptr, "read error" ); + } else { + memcpy( buf, r->data, size ); + r->data += size; + } } static void QDECL png_console_error_fn( png_structp png_ptr, png_const_charp error_msg ) { |