diff options
Diffstat (limited to 'plugins/AdvaImg/src/LibJPEG/wrjpgcom.c')
| -rw-r--r-- | plugins/AdvaImg/src/LibJPEG/wrjpgcom.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/plugins/AdvaImg/src/LibJPEG/wrjpgcom.c b/plugins/AdvaImg/src/LibJPEG/wrjpgcom.c index 7d10ee66e8..66dccee636 100644 --- a/plugins/AdvaImg/src/LibJPEG/wrjpgcom.c +++ b/plugins/AdvaImg/src/LibJPEG/wrjpgcom.c @@ -2,6 +2,7 @@ * wrjpgcom.c
*
* Copyright (C) 1994-1997, Thomas G. Lane.
+ * Modified 2015 by Guido Vollbeding.
* This file is part of the Independent JPEG Group's software.
* For conditions of distribution and use, see the accompanying README file.
*
@@ -453,6 +454,11 @@ main (int argc, char **argv) comment_arg = (char *) malloc((size_t) MAX_COM_LENGTH);
if (comment_arg == NULL)
ERREXIT("Insufficient memory");
+ if (strlen(argv[argn]+1) >= (size_t) MAX_COM_LENGTH) {
+ fprintf(stderr, "Comment text may not exceed %u bytes\n",
+ (unsigned int) MAX_COM_LENGTH);
+ exit(EXIT_FAILURE);
+ }
strcpy(comment_arg, argv[argn]+1);
for (;;) {
comment_length = (unsigned int) strlen(comment_arg);
@@ -462,9 +468,19 @@ main (int argc, char **argv) }
if (++argn >= argc)
ERREXIT("Missing ending quote mark");
+ if (strlen(comment_arg) + 1 + strlen(argv[argn]) >=
+ (size_t) MAX_COM_LENGTH) {
+ fprintf(stderr, "Comment text may not exceed %u bytes\n",
+ (unsigned int) MAX_COM_LENGTH);
+ exit(EXIT_FAILURE);
+ }
strcat(comment_arg, " ");
strcat(comment_arg, argv[argn]);
}
+ } else if (strlen(comment_arg) >= (size_t) MAX_COM_LENGTH) {
+ fprintf(stderr, "Comment text may not exceed %u bytes\n",
+ (unsigned int) MAX_COM_LENGTH);
+ exit(EXIT_FAILURE);
}
comment_length = (unsigned int) strlen(comment_arg);
} else
|