Aren
/
haiku
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed type mismatch in picture data. 

The size of an operation block was written as size_t by PictureDataWriter
but read as int32 by PicturePlayer. Fixes an app_server crash.
This commit is contained in:
Alex Smith 2012-08-10 10:34:28 +01:00
parent 5084d0d451
commit 81aad168f8
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/kits/interface/PicturePlayer.cpp
View File

@ -173,9 +173,9 @@ PicturePlayer::Play(void **callBackTable, int32 tableEntries, void *userData)
while ((pos + 6) <= fSize) { while ((pos + 6) <= fSize) {
int16 op = *reinterpret_cast<const int16 *>(data); int16 op = *reinterpret_cast<const int16 *>(data);
int32 size = *reinterpret_cast<const int32 *>(data + 2); size_t size = *reinterpret_cast<const size_t *>(data + sizeof(int16));
pos += 6; pos += sizeof(int16) + sizeof(size_t);
data += 6; data += sizeof(int16) + sizeof(size_t);
if (pos + size > fSize) if (pos + size > fSize)
debugger("PicturePlayer::Play: buffer overrun\n"); debugger("PicturePlayer::Play: buffer overrun\n");