diff options
| -rw-r--r-- | src/gui/image/qxbmhandler.cpp | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp index 0dd4e99..f9c2e0c 100644 --- a/src/gui/image/qxbmhandler.cpp +++ b/src/gui/image/qxbmhandler.cpp @@ -66,27 +66,36 @@ static inline int hex2byte(register char *p) static bool read_xbm_header(QIODevice *device, int& w, int& h) { const int buflen = 300; + const int maxlen = 4096; char buf[buflen + 1]; QRegExp r1(QLatin1String("^#define[ \t]+[a-zA-Z0-9._]+[ \t]+")); QRegExp r2(QLatin1String("[0-9]+")); qint64 readBytes = 0; + qint64 totalReadBytes = 0; - // "#define .._width <num>" - readBytes = device->readLine(buf, buflen); - if (readBytes <= 0) - return false; - buf[readBytes - 1] = '\0'; + buf[0] = '\0'; // skip initial comment, if any - while (buf[0] != '#' && (readBytes = device->readLine( buf, buflen )) > 0) {} + while (buf[0] != '#') { + readBytes = device->readLine(buf, buflen); + + // if readBytes >= buflen, it's very probably not a C file + if (readBytes <= 0 || readBytes >= buflen -1) + return false; + + // limit xbm headers to the first 4k in the file to prevent + // excessive reads on non-xbm files + totalReadBytes += readBytes; + if (totalReadBytes >= maxlen) + return false; + } - if (readBytes <= 0) - return false; buf[readBytes - 1] = '\0'; QString sbuf; sbuf = QString::fromLatin1(buf); + // "#define .._width <num>" if (r1.indexIn(sbuf) == 0 && r2.indexIn(sbuf, r1.matchedLength()) == r1.matchedLength()) w = QByteArray(&buf[r1.matchedLength()]).trimmed().toInt(); |