[Rawstudio-commit] r3037 - branches/rawstudio-ng-color/librawstudio

Klaus Post klauspost at gmail.com
Tue Jan 19 20:11:26 CET 2010


Author: post
Date: 2010-01-19 20:11:25 +0100 (Tue, 19 Jan 2010)
New Revision: 3037

Modified:
   branches/rawstudio-ng-color/librawstudio/rs-rawfile.c
Log:
raw_get_rational(): Ensure that we don't read out of bounds, and check for division by zero.

Modified: branches/rawstudio-ng-color/librawstudio/rs-rawfile.c
===================================================================
--- branches/rawstudio-ng-color/librawstudio/rs-rawfile.c	2010-01-19 17:43:08 UTC (rev 3036)
+++ branches/rawstudio-ng-color/librawstudio/rs-rawfile.c	2010-01-19 19:11:25 UTC (rev 3037)
@@ -144,11 +144,17 @@
 gboolean
 raw_get_rational(RAWFILE *rawfile, guint pos, gfloat *target)
 {
+	if((rawfile->base+pos+8)>rawfile->size)
+		return(FALSE);
+
 	guint counter, divisor;
 	raw_get_uint(rawfile, pos, &counter);
 	raw_get_uint(rawfile, pos+4, &divisor);
+
+	if (divisor == 0)
+		return(FALSE);
+
 	*target = (gfloat) counter / (gfloat) divisor;
-
 	return(TRUE);
 }
 
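Review bot: The new bounds check at the top of raw_get_rational(), `if((rawfile->base+pos+8)>rawfile->size)`, adds before it compares, and pos is a guint, so a pos close to the top of the guint range can wrap the sum to a small value and pass the check. This assumes base and size are unsigned 32-bit values too; their types are not visible in this hunk. Since pos normally comes from offsets stored in the file being parsed, compare against the remaining space instead: return FALSE when rawfile->size is less than 8 or rawfile->base is greater than rawfile->size - 8, and then when pos is greater than rawfile->size - 8 - rawfile->base. Two smaller points: the early return now sits above the `guint counter, divisor;` declaration, which makes that a declaration after a statement, so moving the check below the declaration keeps the function consistent with C89-style code; and the two raw_get_uint() calls are still used without looking at any result they return, so if that helper can report failure, counter and divisor may be read uninitialized before the `divisor == 0` test.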



