From 4baca0eb3d71710cd598ffcb356ff302b9814c7c Mon Sep 17 00:00:00 2001 From: Stijn Buys Date: Tue, 17 Feb 2009 18:15:05 +0000 Subject: Fixed an overflow in the TGA reader, always enable libjpeg #define workaround --- src/render/jpgfile.cc | 4 +--- src/render/tgafile.cc | 7 ++++--- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/src/render/jpgfile.cc b/src/render/jpgfile.cc index 7713a07..5ed3ff8 100644 --- a/src/render/jpgfile.cc +++ b/src/render/jpgfile.cc @@ -18,12 +18,10 @@ http://www.zarb.org/~gc/html/libpng.html #include "render/jpgfile.h" #include "sys/sys.h" -// work around for the win32 build -#ifdef _WIN32 +// work-around for a jpeglib problem, needed on win32 and osx #ifdef HAVE_STDLIB_H #undef HAVE_STDLIB_H #endif -#endif extern "C" { #include "jpeglib.h" } diff --git a/src/render/tgafile.cc b/src/render/tgafile.cc index c4e6b56..d4d5df8 100644 --- a/src/render/tgafile.cc +++ b/src/render/tgafile.cc @@ -109,6 +109,7 @@ Image *TGA::load(const char *filename) tga_file->skip(tga_color_map_length*tga_colormap_entry); } + // FIXME channels should be a sane value unsigned int index = 0; unsigned int channels = tga_depth / 8; @@ -167,11 +168,11 @@ Image *TGA::load(const char *filename) while (index < tga_width * tga_height) { unsigned char rle = 0; - unsigned char pixel_data[3]; + unsigned char pixel_data[4]; // read RLE packet byte tga_file->read(&rle, 1); - + if (rle < 128) { rle++; // rle contains the number of pixels-1 tga_file->read((void *)(*image)[index*channels], rle*channels); @@ -181,7 +182,7 @@ Image *TGA::load(const char *filename) rle -= 127; // rle contains 128 + the number of identical pixels-1 tga_file->read(pixel_data, channels); - while (rle) { + while (rle > 0 ) { memcpy((void *)(*image)[index*channels], (void *)pixel_data, channels); index++; rle--; -- cgit v1.2.3