Hi Yiyuan,
CC dri-devel, linux-fbdev
On Wed, 12 May 2021, Yiyuan GUO wrote:
In video/logo/pnmtologo.c, the function read_image can read from the
image file an integer 0 and pass it to function get_number255, leading
to a divide by zero problem.
Signed-off-by: Yiyuan GUO <yguoaz@xxxxxxxxx>
Thanks for your patch!
--- a/drivers/video/logo/pnmtologo.c
+++ b/drivers/video/logo/pnmtologo.c
@@ -118,7 +118,12 @@ static unsigned int get_number(FILE *fp)
static unsigned int get_number255(FILE *fp, unsigned int maxval)
{
- unsigned int val = get_number(fp);
+ unsigned int val;
+
+ if (!maxval)
+ die("Corrupted maxval\n");
Please be consistent with other places reporting errors, e.g.
die("%s: invalid maxval zero\n", filename);
This looks like a strange place to check the validity of maxval.
What about checking if right after its assignment?
To avoid duplicating code, you can create a helper:
static unsigned int get_maxval(FILE *fp)
{
unsigned int maxval = get_number(fp);
if (!maxval)
die("%s: invalid maxval zero\n", filename);
return maxval;
}
and:
/* Plain PGM */
- maxval = get_number(fp);
+ maxval = get_maxval(fp);
and:
/* Plain PPM */
- maxval = get_number(fp);
+ maxval = get_maxval(fp);
+
+ val = get_number(fp);
return (255*val+maxval/2)/maxval;
}
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
