dnrops
/
gimp
mirror of https://github.com/GNOME/gimp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug 493778 – metadata plug-in crashes on some images 

The problem is that the parser adds an empty property value when
parsing an empty Alt-array, "<rdf:Alt/>".

But when it is encoded it is expected to be in the form of a NULL
terminated array of pairs of property values, with the result that the
NULL terminator is considered the second element of the first pair and
the loop encoding these properties goes beyond the end of the array,
thus dereferencing invalid pointers.

This commit alters the parser to avoid adding dummy values when empty
rdf:Alt, rdf:Bag and rdf:Seq elements are found.
This commit is contained in:
Massimo Valentini 2009-07-20 14:59:29 +02:00 committed by Martin Nordholts
parent cfbcdbd207
commit b28b0e4687
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
plug-ins/metadata/xmp-parse.c
View File

@ -948,6 +948,11 @@ end_element_handler (GMarkupParseContext *markup_context,
case STATE_INSIDE_ALT:
case STATE_INSIDE_BAG:
case STATE_INSIDE_SEQ:
if (context->property && context->prop_cur_value < 0)
{
g_free (context->property);
context->property = NULL;
}
context->state = STATE_INSIDE_PROPERTY;
break;