[Xcb-commit] xcb/util-cursor: cursor
Michael Stapelberg
stapelberg at kemper.freedesktop.org
Thu Nov 7 22:00:54 CET 2013
cursor/parse_cursor_file.c | 70 ++++++++++++++++++++++++++++-----------------
1 file changed, 44 insertions(+), 26 deletions(-)
New commits:
commit c453d4baceaead514c814b825cdd9b517c6bcd8c
Author: Michael Stapelberg <michael at stapelberg.de>
Date: Thu Nov 7 22:00:21 2013 +0100
handle read() errors (Thanks psychon)
diff --git a/cursor/parse_cursor_file.c b/cursor/parse_cursor_file.c
index 30f7df5..b944c4a 100644
--- a/cursor/parse_cursor_file.c
+++ b/cursor/parse_cursor_file.c
@@ -35,6 +35,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
+#include <stdbool.h>
#ifdef HAVE_ENDIAN_H
#include <endian.h>
@@ -82,14 +83,24 @@ static uint32_t find_best_size(xcint_cursor_file_t *cf, const uint32_t target, u
return best;
}
+/* Returns true if and only if the read() call read the entirety of the data it
+ * was supposed to read. */
+static bool read_entirely(int fd, void *buf, size_t count) {
+ return read(fd, buf, count) == count;
+}
+
int parse_cursor_file(xcb_cursor_context_t *c, const int fd, xcint_image_t **images, int *nimg) {
/* Read the header, verify the magic value. */
xcint_cursor_file_t cf;
uint32_t nsizes = 0;
uint32_t best = 0;
uint32_t skip = 0;
+ /* The amount of images stored in 'images', used when cleaning up. */
+ int cnt = 0;
+
+ if (!read_entirely(fd, &(cf.header), sizeof(xcint_file_header_t)))
+ return -EINVAL;
- read(fd, &(cf.header), sizeof(xcint_file_header_t));
cf.header.magic = le32toh(cf.header.magic);
cf.header.header = le32toh(cf.header.header);
cf.header.version = le32toh(cf.header.version);
@@ -107,7 +118,9 @@ int parse_cursor_file(xcb_cursor_context_t *c, const int fd, xcint_image_t **ima
/* Read the table of contents */
cf.tocs = malloc(cf.header.ntoc * sizeof(xcint_file_toc_t));
- read(fd, cf.tocs, cf.header.ntoc * sizeof(xcint_file_toc_t));
+ if (!read_entirely(fd, cf.tocs, cf.header.ntoc * sizeof(xcint_file_toc_t)))
+ goto error;
+
for (int n = 0; n < cf.header.ntoc; n++) {
cf.tocs[n].type = le32toh(cf.tocs[n].type);
cf.tocs[n].subtype = le32toh(cf.tocs[n].subtype);
@@ -115,23 +128,17 @@ int parse_cursor_file(xcb_cursor_context_t *c, const int fd, xcint_image_t **ima
}
/* No images? Invalid file. */
- if ((best = find_best_size(&cf, c->size, &nsizes)) == 0 || nsizes == 0) {
- free(cf.tocs);
- return -EINVAL;
- }
+ if ((best = find_best_size(&cf, c->size, &nsizes)) == 0 || nsizes == 0)
+ goto error;
*nimg = nsizes;
- if ((*images = calloc(nsizes, sizeof(xcint_image_t))) == NULL) {
- free(cf.tocs);
- return -errno;
- }
+ if ((*images = calloc(nsizes, sizeof(xcint_image_t))) == NULL)
+ goto error;
- for (int n = 0, cnt = 0;
- n < cf.header.ntoc;
- n++) {
+ for (int n = 0; n < cf.header.ntoc; n++) {
xcint_chunk_header_t chunk;
/* for convenience */
- xcint_image_t *i = &((*images)[cnt++]);
+ xcint_image_t *i = &((*images)[n]);
uint32_t numpixels = 0;
uint32_t *p = NULL;
@@ -140,18 +147,18 @@ int parse_cursor_file(xcb_cursor_context_t *c, const int fd, xcint_image_t **ima
continue;
lseek(fd, cf.tocs[n].position, SEEK_SET);
- read(fd, &chunk, sizeof(xcint_chunk_header_t));
+ if (!read_entirely(fd, &chunk, sizeof(xcint_chunk_header_t)))
+ goto error2;
chunk.header = le32toh(chunk.header);
chunk.type = le32toh(chunk.type);
chunk.subtype = le32toh(chunk.subtype);
chunk.version = le32toh(chunk.version);
/* Sanity check, as libxcursor does it. */
if (chunk.type != cf.tocs[n].type ||
- chunk.subtype != cf.tocs[n].subtype) {
- free(cf.tocs);
- return -EINVAL;
- }
- read(fd, i, sizeof(xcint_image_t) - sizeof(uint32_t*)); // TODO: better type
+ chunk.subtype != cf.tocs[n].subtype)
+ goto error2;
+ if (!read_entirely(fd, i, sizeof(xcint_image_t) - sizeof(uint32_t*))) // TODO: better type
+ goto error2;
i->width = le32toh(i->width);
i->height = le32toh(i->height);
i->xhot = le32toh(i->xhot);
@@ -159,14 +166,15 @@ int parse_cursor_file(xcb_cursor_context_t *c, const int fd, xcint_image_t **ima
i->delay = le32toh(i->delay);
/* Read the actual image data and convert it to host byte order */
- if (((uint64_t)i->width) * i->height > UINT32_MAX) {
- /* Catch integer overflows */
- free(cf.tocs);
- return -EINVAL;
- }
+ /* Catch integer overflows */
+ if (((uint64_t)i->width) * i->height > UINT32_MAX)
+ goto error2;
numpixels = i->width * i->height;
i->pixels = malloc(numpixels * sizeof(uint32_t));
- read(fd, i->pixels, numpixels * sizeof(uint32_t));
+ /* With the malloc, one more image is eligible for cleanup later. */
+ cnt++;
+ if (!read_entirely(fd, i->pixels, numpixels * sizeof(uint32_t)))
+ goto error2;
p = i->pixels;
for (int j = 0; j < numpixels; j++, p++)
*p = le32toh(*p);
@@ -174,4 +182,14 @@ int parse_cursor_file(xcb_cursor_context_t *c, const int fd, xcint_image_t **ima
free(cf.tocs);
return 0;
+
+error2:
+ /* Free the memory for all images that were read so far. */
+ for (int n = 0; n < cnt; n++)
+ free((*images)[n].pixels);
+ free(*images);
+error:
+ *images = NULL;
+ free(cf.tocs);
+ return -EINVAL;
}
More information about the xcb-commit
mailing list