|
 |
9ddcac |
diff -urNp old/plug-ins/file-fli/fli.c new/plug-ins/file-fli/fli.c
|
|
|
9ddcac |
--- old/plug-ins/file-fli/fli.c 2018-01-04 12:19:54.714139464 +0100
|
|
|
9ddcac |
+++ new/plug-ins/file-fli/fli.c 2018-01-04 12:34:18.568323629 +0100
|
|
|
9ddcac |
@@ -25,6 +25,8 @@
|
|
|
9ddcac |
|
|
|
9ddcac |
#include "config.h"
|
|
|
9ddcac |
|
|
|
9ddcac |
+#include <glib/gstdio.h>
|
|
|
9ddcac |
+
|
|
|
9ddcac |
#include <string.h>
|
|
|
9ddcac |
#include <stdio.h>
|
|
|
9ddcac |
|
|
|
9ddcac |
@@ -461,23 +463,27 @@ void fli_read_brun(FILE *f, s_fli_header
|
|
|
9ddcac |
unsigned short yc;
|
|
|
9ddcac |
unsigned char *pos;
|
|
|
9ddcac |
for (yc=0; yc < fli_header->height; yc++) {
|
|
|
9ddcac |
- unsigned short xc, pc, pcnt;
|
|
|
9ddcac |
+ unsigned short pc, pcnt;
|
|
|
9ddcac |
+ size_t n, xc;
|
|
|
9ddcac |
pc=fli_read_char(f);
|
|
|
9ddcac |
xc=0;
|
|
|
9ddcac |
pos=framebuf+(fli_header->width * yc);
|
|
|
9ddcac |
+ n=(size_t)fli_header->width * (fli_header->height-yc);
|
|
|
9ddcac |
for (pcnt=pc; pcnt>0; pcnt--) {
|
|
|
9ddcac |
unsigned short ps;
|
|
|
9ddcac |
ps=fli_read_char(f);
|
|
|
9ddcac |
if (ps & 0x80) {
|
|
|
9ddcac |
unsigned short len;
|
|
|
9ddcac |
- for (len=-(signed char)ps; len>0; len--) {
|
|
|
9ddcac |
+ for (len=-(signed char)ps; len>0 && xc
|
|
|
9ddcac |
pos[xc++]=fli_read_char(f);
|
|
|
9ddcac |
}
|
|
|
9ddcac |
} else {
|
|
|
9ddcac |
unsigned char val;
|
|
|
9ddcac |
+ size_t len;
|
|
|
9ddcac |
+ len=MIN(n-xc,ps);
|
|
|
9ddcac |
val=fli_read_char(f);
|
|
|
9ddcac |
- memset(&(pos[xc]), val, ps);
|
|
|
9ddcac |
- xc+=ps;
|
|
|
9ddcac |
+ memset(&(pos[xc]), val, len);
|
|
|
9ddcac |
+ xc+=len;
|
|
|
9ddcac |
}
|
|
|
9ddcac |
}
|
|
|
9ddcac |
}
|
|
|
9ddcac |
@@ -564,25 +570,34 @@ void fli_read_lc(FILE *f, s_fli_header *
|
|
|
9ddcac |
memcpy(framebuf, old_framebuf, fli_header->width * fli_header->height);
|
|
|
9ddcac |
firstline = fli_read_short(f);
|
|
|
9ddcac |
numline = fli_read_short(f);
|
|
|
9ddcac |
+ if (numline > fli_header->height || fli_header->height-numline < firstline)
|
|
|
9ddcac |
+ return;
|
|
|
9ddcac |
+
|
|
|
9ddcac |
for (yc=0; yc < numline; yc++) {
|
|
|
9ddcac |
- unsigned short xc, pc, pcnt;
|
|
|
9ddcac |
+ unsigned short pc, pcnt;
|
|
|
9ddcac |
+ size_t n, xc;
|
|
|
9ddcac |
pc=fli_read_char(f);
|
|
|
9ddcac |
xc=0;
|
|
|
9ddcac |
pos=framebuf+(fli_header->width * (firstline+yc));
|
|
|
9ddcac |
+ n=(size_t)fli_header->width * (fli_header->height-firstline-yc);
|
|
|
9ddcac |
for (pcnt=pc; pcnt>0; pcnt--) {
|
|
|
9ddcac |
unsigned short ps,skip;
|
|
|
9ddcac |
skip=fli_read_char(f);
|
|
|
9ddcac |
ps=fli_read_char(f);
|
|
|
9ddcac |
- xc+=skip;
|
|
|
9ddcac |
+ xc+=MIN(n-xc,skip);
|
|
|
9ddcac |
if (ps & 0x80) {
|
|
|
9ddcac |
unsigned char val;
|
|
|
9ddcac |
+ size_t len;
|
|
|
9ddcac |
ps=-(signed char)ps;
|
|
|
9ddcac |
val=fli_read_char(f);
|
|
|
9ddcac |
- memset(&(pos[xc]), val, ps);
|
|
|
9ddcac |
- xc+=ps;
|
|
|
9ddcac |
+ len=MIN(n-xc,ps);
|
|
|
9ddcac |
+ memset(&(pos[xc]), val, len);
|
|
|
9ddcac |
+ xc+=len;
|
|
|
9ddcac |
} else {
|
|
|
9ddcac |
- fread(&(pos[xc]), ps, 1, f);
|
|
|
9ddcac |
- xc+=ps;
|
|
|
9ddcac |
+ size_t len;
|
|
|
9ddcac |
+ len=MIN(n-xc,ps);
|
|
|
9ddcac |
+ fread(&(pos[xc]), len, 1, f);
|
|
|
9ddcac |
+ xc+=len;
|
|
|
9ddcac |
}
|
|
|
9ddcac |
}
|
|
|
9ddcac |
}
|
|
|
9ddcac |
@@ -689,7 +704,8 @@ void fli_read_lc_2(FILE *f, s_fli_header
|
|
|
9ddcac |
yc=0;
|
|
|
9ddcac |
numline = fli_read_short(f);
|
|
|
9ddcac |
for (lc=0; lc < numline; lc++) {
|
|
|
9ddcac |
- unsigned short xc, pc, pcnt, lpf, lpn;
|
|
|
9ddcac |
+ unsigned short pc, pcnt, lpf, lpn;
|
|
|
9ddcac |
+ size_t n, xc;
|
|
|
9ddcac |
pc=fli_read_short(f);
|
|
|
9ddcac |
lpf=0; lpn=0;
|
|
|
9ddcac |
while (pc & 0x8000) {
|
|
|
9ddcac |
@@ -700,26 +716,30 @@ void fli_read_lc_2(FILE *f, s_fli_header
|
|
|
9ddcac |
}
|
|
|
9ddcac |
pc=fli_read_short(f);
|
|
|
9ddcac |
}
|
|
|
9ddcac |
+ yc=MIN(yc, fli_header->height);
|
|
|
9ddcac |
xc=0;
|
|
|
9ddcac |
pos=framebuf+(fli_header->width * yc);
|
|
|
9ddcac |
+ n=(size_t)fli_header->width * (fli_header->height-yc);
|
|
|
9ddcac |
for (pcnt=pc; pcnt>0; pcnt--) {
|
|
|
9ddcac |
unsigned short ps,skip;
|
|
|
9ddcac |
skip=fli_read_char(f);
|
|
|
9ddcac |
ps=fli_read_char(f);
|
|
|
9ddcac |
- xc+=skip;
|
|
|
9ddcac |
+ xc+=MIN(n-xc,skip);
|
|
|
9ddcac |
if (ps & 0x80) {
|
|
|
9ddcac |
unsigned char v1,v2;
|
|
|
9ddcac |
ps=-(signed char)ps;
|
|
|
9ddcac |
v1=fli_read_char(f);
|
|
|
9ddcac |
v2=fli_read_char(f);
|
|
|
9ddcac |
- while (ps>0) {
|
|
|
9ddcac |
+ while (ps>0 && xc+1
|
|
|
9ddcac |
pos[xc++]=v1;
|
|
|
9ddcac |
pos[xc++]=v2;
|
|
|
9ddcac |
ps--;
|
|
|
9ddcac |
}
|
|
|
9ddcac |
} else {
|
|
|
9ddcac |
- fread(&(pos[xc]), ps, 2, f);
|
|
|
9ddcac |
- xc+=ps << 1;
|
|
|
9ddcac |
+ size_t len;
|
|
|
9ddcac |
+ len=MIN((n-xc)/2,ps);
|
|
|
9ddcac |
+ fread(&(pos[xc]), len, 2, f);
|
|
|
9ddcac |
+ xc+=len << 1;
|
|
|
9ddcac |
}
|
|
|
9ddcac |
}
|
|
|
9ddcac |
if (lpf) pos[xc]=lpn;
|