File: cve-2015-4491.c

package info (click to toggle)
gdk-pixbuf 2.36.5-2+deb9u2
  • links: PTS, VCS
  • area: main
  • in suites: stretch
  • size: 29,812 kB
  • sloc: ansic: 34,006; sh: 5,235; makefile: 1,129; xml: 459; asm: 453; python: 193; perl: 56; sed: 16
file content (105 lines) | stat: -rw-r--r-- 2,638 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
/* GdkPixbuf library - test compositing
 *
 * Copyright (C) 2015 Red Hat, Inc.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 *
 * Author: Benjamin Otte
 */

#include <malloc.h>

#include <gdk-pixbuf.h>

#include "test-common.h"

static void
test_original (void)
{
  GdkPixbuf* buf;
  int size = 32;
  GError* err = NULL;
  gint64 perturbv = 0;

  const gchar * perturb = NULL;
  perturb = g_getenv("MALLOC_PERTURB_");
  if (perturb != NULL) {
	  perturbv = g_ascii_strtoll (perturb, NULL, 0);
	  mallopt(M_PERTURB, 0);
  }

  buf = gdk_pixbuf_new_from_resource_at_scale ("/test/resource/cve-2015-4491.bmp", size, size, FALSE, &err);
  if (skip_if_insufficient_memory (&err))
    return;

  if (perturbv > 0) {
	  mallopt(M_PERTURB, perturbv);
  }

  g_assert_no_error (err);

  g_object_unref (buf);
}

static void
test_scale_overflow (void)
{
  GdkPixbuf *src, *dest;

  src = gdk_pixbuf_new (GDK_COLORSPACE_RGB, TRUE, 8, 1 << 12, 1 << 12);
  dest = gdk_pixbuf_scale_simple (src, 1, 1, GDK_INTERP_BILINEAR);

  g_object_unref (dest);
  g_object_unref (src);

}

static void
test_scalex_overflow (void)
{
  GdkPixbuf *src, *dest;

  src = gdk_pixbuf_new (GDK_COLORSPACE_RGB, TRUE, 8, (((guint) G_MAXINT) + 1) >> 7, 1);
  dest = gdk_pixbuf_scale_simple (src, 1, 1, GDK_INTERP_BILINEAR);

  g_object_unref (dest);
  g_object_unref (src);

}

static void
test_scaley_overflow (void)
{
  GdkPixbuf *src, *dest;

  src = gdk_pixbuf_new (GDK_COLORSPACE_RGB, TRUE, 8, 1, (((guint) G_MAXINT) + 1) >> 7);
  dest = gdk_pixbuf_scale_simple (src, 1, 1, GDK_INTERP_BILINEAR);

  g_object_unref (dest);
  g_object_unref (src);

}

int
main (int argc, char *argv[])
{
  g_test_init (&argc, &argv, NULL);

  g_test_add_func ("/pixbuf/cve-2015-4491/original", test_original);
  g_test_add_func ("/pixbuf/cve-2015-4491/scale-overflow", test_scale_overflow);
  g_test_add_func ("/pixbuf/cve-2015-4491/scale-x-overflow", test_scalex_overflow);
  g_test_add_func ("/pixbuf/cve-2015-4491/scale-y-overflow", test_scaley_overflow);

  return g_test_run ();
}