Commit f04b349f authored by Tobias Stoeckmann's avatar Tobias Stoeckmann Committed by Alan Coopersmith

Fix null pointer dereference on very large images.

If xcursorgen encounters a PNG file which is larger than 32767 pixels
in width or height, a null pointer dereference occurs because the
return value of XcursorImageCreate is not checked.

The largest possible value is 32767 for libXcursor, which is a hard
coded limit due to a 16 bit integer used (0x7FFF).

Fixes: #1Signed-off-by: Tobias Stoeckmann's avatarTobias Stoeckmann <tobias@stoeckmann.org>
Reviewed-by: Alan Coopersmith's avatarAlan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Alan Coopersmith's avatarAlan Coopersmith <alan.coopersmith@oracle.com>
parent f6684435
......@@ -262,6 +262,12 @@ load_image (struct flist *list, const char *prefix)
png_read_update_info (png, info);
image = XcursorImageCreate (width, height);
if (image == NULL)
{
fclose (fp);
png_destroy_read_struct (&png, &info, NULL);
return NULL;
}
image->size = list->size;
image->xhot = list->xhot;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment