| 1 | /* GdkPixbuf library - test compositing |
|---|
| 2 | * |
|---|
| 3 | * Copyright (C) 2015 Red Hat, Inc. |
|---|
| 4 | * |
|---|
| 5 | * This program is free software; you can redistribute it and/or modify |
|---|
| 6 | * it under the terms of the GNU General Public License as published by |
|---|
| 7 | * the Free Software Foundation; either version 2 of the License, or |
|---|
| 8 | * (at your option) any later version. |
|---|
| 9 | * |
|---|
| 10 | * This program is distributed in the hope that it will be useful, |
|---|
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
|---|
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|---|
| 13 | * GNU General Public License for more details. |
|---|
| 14 | * |
|---|
| 15 | * You should have received a copy of the GNU General Public License |
|---|
| 16 | * along with this program; if not, see <http://www.gnu.org/licenses/>. |
|---|
| 17 | * |
|---|
| 18 | * Author: Benjamin Otte |
|---|
| 19 | */ |
|---|
| 20 | |
|---|
| 21 | #include <gdk-pixbuf.h> |
|---|
| 22 | |
|---|
| 23 | #include "test-common.h" |
|---|
| 24 | |
|---|
| 25 | static void |
|---|
| 26 | test_original (void) |
|---|
| 27 | { |
|---|
| 28 | GdkPixbuf* buf; |
|---|
| 29 | int size = 32; |
|---|
| 30 | GError* err = NULL; |
|---|
| 31 | |
|---|
| 32 | buf = gdk_pixbuf_new_from_resource_at_scale (resource_path: "/test/resource/cve-2015-4491.bmp" , width: size, height: size, FALSE, error: &err); |
|---|
| 33 | /* Image is corrupt because the rowstride * height mul overflows */ |
|---|
| 34 | g_assert_error (err, GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR_CORRUPT_IMAGE); |
|---|
| 35 | g_assert_null (buf); |
|---|
| 36 | } |
|---|
| 37 | |
|---|
| 38 | static void |
|---|
| 39 | test_scale_overflow (void) |
|---|
| 40 | { |
|---|
| 41 | GdkPixbuf *src, *dest; |
|---|
| 42 | |
|---|
| 43 | src = gdk_pixbuf_new (colorspace: GDK_COLORSPACE_RGB, TRUE, bits_per_sample: 8, width: 1 << 12, height: 1 << 12); |
|---|
| 44 | dest = gdk_pixbuf_scale_simple (src, dest_width: 1, dest_height: 1, interp_type: GDK_INTERP_BILINEAR); |
|---|
| 45 | |
|---|
| 46 | g_object_unref (object: dest); |
|---|
| 47 | g_object_unref (object: src); |
|---|
| 48 | |
|---|
| 49 | } |
|---|
| 50 | |
|---|
| 51 | static void |
|---|
| 52 | test_scalex_overflow (void) |
|---|
| 53 | { |
|---|
| 54 | GdkPixbuf *src, *dest; |
|---|
| 55 | |
|---|
| 56 | src = gdk_pixbuf_new (colorspace: GDK_COLORSPACE_RGB, TRUE, bits_per_sample: 8, width: (((guint) G_MAXINT) + 1) >> 7, height: 1); |
|---|
| 57 | dest = gdk_pixbuf_scale_simple (src, dest_width: 1, dest_height: 1, interp_type: GDK_INTERP_BILINEAR); |
|---|
| 58 | |
|---|
| 59 | g_object_unref (object: dest); |
|---|
| 60 | g_object_unref (object: src); |
|---|
| 61 | |
|---|
| 62 | } |
|---|
| 63 | |
|---|
| 64 | static void |
|---|
| 65 | test_scaley_overflow (void) |
|---|
| 66 | { |
|---|
| 67 | GdkPixbuf *src, *dest; |
|---|
| 68 | |
|---|
| 69 | src = gdk_pixbuf_new (colorspace: GDK_COLORSPACE_RGB, TRUE, bits_per_sample: 8, width: 1, height: (((guint) G_MAXINT) + 1) >> 7); |
|---|
| 70 | dest = gdk_pixbuf_scale_simple (src, dest_width: 1, dest_height: 1, interp_type: GDK_INTERP_BILINEAR); |
|---|
| 71 | |
|---|
| 72 | g_object_unref (object: dest); |
|---|
| 73 | g_object_unref (object: src); |
|---|
| 74 | |
|---|
| 75 | } |
|---|
| 76 | |
|---|
| 77 | int |
|---|
| 78 | main (int argc, char *argv[]) |
|---|
| 79 | { |
|---|
| 80 | g_test_init (argc: &argc, argv: &argv, NULL); |
|---|
| 81 | |
|---|
| 82 | g_test_add_func (testpath: "/pixbuf/cve-2015-4491/original" , test_func: test_original); |
|---|
| 83 | g_test_add_func (testpath: "/pixbuf/cve-2015-4491/scale-overflow" , test_func: test_scale_overflow); |
|---|
| 84 | g_test_add_func (testpath: "/pixbuf/cve-2015-4491/scale-x-overflow" , test_func: test_scalex_overflow); |
|---|
| 85 | g_test_add_func (testpath: "/pixbuf/cve-2015-4491/scale-y-overflow" , test_func: test_scaley_overflow); |
|---|
| 86 | |
|---|
| 87 | return g_test_run (); |
|---|
| 88 | } |
|---|
| 89 | |
|---|
