]> git.saurik.com Git - wxWidgets.git/blobdiff - src/common/imagtga.cpp
fixing overrelease and out-of-bounds write, fixes #13725
[wxWidgets.git] / src / common / imagtga.cpp
index 8f9737ca4e7c9e8a24a4ae1bcd3beb57883e32ba..9a5c4ccd87c1299450192ac4274e1f94c6847d37 100644 (file)
@@ -1,5 +1,5 @@
 /////////////////////////////////////////////////////////////////////////////
-// Name:        imagtga.cpp
+// Name:        src/common/imagtga.cpp
 // Purpose:     wxImage TGA handler
 // Author:      Seth Jackson
 // CVS-ID:      $Id$
@@ -131,6 +131,11 @@ int DecodeRLE(unsigned char* imageData, unsigned long imageSize,
 
             index += current * pixelSize;
 
+            if (index >= imageSize)
+            {
+                return wxTGA_IOERR;
+            }
+
             // Repeat the pixel length times.
             if ( !stream.Read(buf, pixelSize) )
                 return wxTGA_IOERR;
@@ -151,6 +156,11 @@ int DecodeRLE(unsigned char* imageData, unsigned long imageSize,
 
             index += length;
 
+            if (index >= imageSize)
+            {
+                return wxTGA_IOERR;
+            }
+
             // Write the next length pixels directly to the image data.
             if ( !stream.Read(imageData, length) )
                 return wxTGA_IOERR;
@@ -217,7 +227,7 @@ int ReadTGA(wxImage* image, wxInputStream& stream)
 
     image->Create(width, height);
 
-    if (!image->Ok())
+    if (!image->IsOk())
     {
         return wxTGA_MEMERR;
     }
@@ -282,9 +292,9 @@ int ReadTGA(wxImage* image, wxInputStream& stream)
 
         case 1:
         {
-            unsigned char r;
-            unsigned char g;
-            unsigned char b;
+            unsigned char r = 0;
+            unsigned char g = 0;
+            unsigned char b = 0;
 
             // No compression read the data directly to imageData.
 
@@ -476,9 +486,9 @@ int ReadTGA(wxImage* image, wxInputStream& stream)
 
         case 9:
         {
-            unsigned char r;
-            unsigned char g;
-            unsigned char b;
+            unsigned char r = 0;
+            unsigned char g = 0;
+            unsigned char b = 0;
 
             // Decode the RLE data.
 
@@ -836,7 +846,7 @@ bool wxTGAHandler::DoCanRead(wxInputStream& stream)
     unsigned char hdr[HDR_SIZE];
     stream.Read(hdr, HDR_SIZE);     // it's ok to modify the stream position here
 
-    // Check wether we can read the file or not.
+    // Check whether we can read the file or not.
 
     short colorType = hdr[HDR_COLORTYPE];
     if ( colorType != wxTGA_UNMAPPED && colorType != wxTGA_MAPPED )