svnno****@sourc*****
svnno****@sourc*****
2011年 4月 8日 (金) 14:26:47 JST
ForkRevision: 556
http://sourceforge.jp/projects/swfed/svn/view?view=rev&revision=556
Author: yoya
Date: 2011-04-08 14:26:47 +0900 (Fri, 08 Apr 2011)
Log Message:
-----------
realloc の戻り値を見ていない部分を見るように修正
Modified Paths:
--------------
trunk/src/swf_gif.c
trunk/src/swf_png.c
trunk/src/swf_tag_jpeg.c
-------------- next part --------------
Modified: trunk/src/swf_gif.c
===================================================================
--- trunk/src/swf_gif.c 2011-04-08 05:23:59 UTC (rev 555)
+++ trunk/src/swf_gif.c 2011-04-08 05:26:47 UTC (rev 556)
@@ -62,17 +62,19 @@
{
my_gif_buffer *gif_buff = (my_gif_buffer *) GifFile->UserData;
unsigned long new_data_len;
+ unsigned char *tmp;
if (gif_buff->data_offset + count > gif_buff->data_len) {
new_data_len = 2 * gif_buff->data_len;
if (gif_buff->data_offset + count > new_data_len) {
new_data_len = gif_buff->data_offset + count;
}
- gif_buff->data = realloc(gif_buff->data, new_data_len);
- if (gif_buff->data == NULL) {
+ tmp = realloc(gif_buff->data, new_data_len);
+ if (tmp == NULL) {
fprintf(stderr, "gif_data_write_func: can't realloc: new_data_len(%lu), data_len(%lu)\n",
new_data_len, gif_buff->data_len);
return 0;
}
+ gif_buff->data = tmp;
gif_buff->data_len = new_data_len;
}
memcpy(gif_buff->data + gif_buff->data_offset, buf, count);
Modified: trunk/src/swf_png.c
===================================================================
--- trunk/src/swf_png.c 2011-04-08 05:23:59 UTC (rev 555)
+++ trunk/src/swf_png.c 2011-04-08 05:26:47 UTC (rev 556)
@@ -54,18 +54,19 @@
png_data_write_func(png_structp png_ptr, png_bytep buf, png_size_t size) {
my_png_buffer *png_buff = (my_png_buffer *)png_get_io_ptr(png_ptr);
unsigned long new_data_len;
+ unsigned char *tmp;
if (png_buff->data_offset + size > png_buff->data_len) {
new_data_len = 2 * png_buff->data_len;
if (png_buff->data_offset + size > new_data_len) {
new_data_len = png_buff->data_offset + size;
}
- png_buff->data = realloc(png_buff->data, new_data_len);
- if (png_buff->data == NULL) {
+ tmp = realloc(png_buff->data, new_data_len);
+ if (tmp == NULL) {
fprintf(stderr, "png_data_write_func: can't realloc: new_data_len(%lu), data_len(%lu)\n",
new_data_len, png_buff->data_len);
png_error(png_ptr,"png_data_write_func failed");
-
}
+ png_buff->data = tmp;
png_buff->data_len = new_data_len;
}
memcpy(png_buff->data + png_buff->data_offset, buf, size);
Modified: trunk/src/swf_tag_jpeg.c
===================================================================
--- trunk/src/swf_tag_jpeg.c 2011-04-08 05:23:59 UTC (rev 555)
+++ trunk/src/swf_tag_jpeg.c 2011-04-08 05:26:47 UTC (rev 556)
@@ -177,6 +177,12 @@
if (result == Z_BUF_ERROR) { // XXX
origsize *= 2;
new_buff = realloc(new_buff, origsize); // enough size?
+ if (new_buff == NULL) {
+ free(swf_tag_jpeg);
+ bitstream_close(bs);
+ fprintf(stderr, "swf_tag_jpeg3_create_detail: realloc(%p, %d) failed\n", new_buff, origsize);
+ return 1;
+ }
result = uncompress(new_buff, &origsize, old_buff_ref, alpha_data_len);
}
if (result == Z_OK) {