git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/trunk@54766
c3d73ce0-8a6f-49c7-b76d-
6d57e0e08775
void RLEdecode(unsigned char *p, unsigned int size, wxInputStream& s)
{
void RLEdecode(unsigned char *p, unsigned int size, wxInputStream& s)
{
- unsigned int i, data, cont;
-
// Read 'size' bytes. The PCX official specs say there will be
// a decoding break at the end of each scanline (but not at the
// end of each plane inside a scanline). Only use this function
// to read one or more _complete_ scanlines. Else, more than
// 'size' bytes might be read and the buffer might overflow.
// Read 'size' bytes. The PCX official specs say there will be
// a decoding break at the end of each scanline (but not at the
// end of each plane inside a scanline). Only use this function
// to read one or more _complete_ scanlines. Else, more than
// 'size' bytes might be read and the buffer might overflow.
- data = (unsigned char)s.GetC();
+ unsigned int data = (unsigned char)s.GetC();
// If ((data & 0xC0) != 0xC0), then the value read is a data
// byte. Else, it is a counter (cont = val & 0x3F) and the
// If ((data & 0xC0) != 0xC0), then the value read is a data
// byte. Else, it is a counter (cont = val & 0x3F) and the
+ unsigned int cont = data & 0x3F;
+ if (cont > size) // can happen only if the file is malformed
+ break;
data = (unsigned char)s.GetC();
data = (unsigned char)s.GetC();
- for (i = 1; i <= cont; i++)
+ for (unsigned int i = 1; i <= cont; i++)
*(p++) = (unsigned char)data;
size -= cont;
}
*(p++) = (unsigned char)data;
size -= cont;
}
projects / wxWidgets.git / commitdiff
