From 018c0ebc7d7ffaa55bf5a80b2a8a0e3ee1ebcc7b Mon Sep 17 00:00:00 2001 From: Harald Fernengel Date: Thu, 4 Nov 2010 13:49:43 +0100 Subject: Prevent excessive seeks in xbm detection When auto-detecting an image type, the xbm handler would read the entire file just to figure out that it's not an xbm. This patch limits the read to maximum 4k and also breaks if line length >= 299. Task-number: QT-4021 Reviewed-by: Robert Griebl --- src/gui/image/qxbmhandler.cpp | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/src/gui/image/qxbmhandler.cpp b/src/gui/image/qxbmhandler.cpp index 0dd4e99..f9c2e0c 100644 --- a/src/gui/image/qxbmhandler.cpp +++ b/src/gui/image/qxbmhandler.cpp @@ -66,27 +66,36 @@ static inline int hex2byte(register char *p) static bool read_xbm_header(QIODevice *device, int& w, int& h) { const int buflen = 300; + const int maxlen = 4096; char buf[buflen + 1]; QRegExp r1(QLatin1String("^#define[ \t]+[a-zA-Z0-9._]+[ \t]+")); QRegExp r2(QLatin1String("[0-9]+")); qint64 readBytes = 0; + qint64 totalReadBytes = 0; - // "#define .._width " - readBytes = device->readLine(buf, buflen); - if (readBytes <= 0) - return false; - buf[readBytes - 1] = '\0'; + buf[0] = '\0'; // skip initial comment, if any - while (buf[0] != '#' && (readBytes = device->readLine( buf, buflen )) > 0) {} + while (buf[0] != '#') { + readBytes = device->readLine(buf, buflen); + + // if readBytes >= buflen, it's very probably not a C file + if (readBytes <= 0 || readBytes >= buflen -1) + return false; + + // limit xbm headers to the first 4k in the file to prevent + // excessive reads on non-xbm files + totalReadBytes += readBytes; + if (totalReadBytes >= maxlen) + return false; + } - if (readBytes <= 0) - return false; buf[readBytes - 1] = '\0'; QString sbuf; sbuf = QString::fromLatin1(buf); + // "#define .._width " if (r1.indexIn(sbuf) == 0 && r2.indexIn(sbuf, r1.matchedLength()) == r1.matchedLength()) w = QByteArray(&buf[r1.matchedLength()]).trimmed().toInt(); -- cgit v0.12