Re: [PATCH] video/logo: protect against divide by zero when reading image

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



	Hi Yiyuan,

CC dri-devel, linux-fbdev

On Wed, 12 May 2021, Yiyuan GUO wrote:
In video/logo/pnmtologo.c, the function read_image can read from the
image file an integer 0 and pass it to function get_number255, leading
to a divide by zero problem.

Signed-off-by: Yiyuan GUO <yguoaz@xxxxxxxxx>

Thanks for your patch!

--- a/drivers/video/logo/pnmtologo.c
+++ b/drivers/video/logo/pnmtologo.c
@@ -118,7 +118,12 @@ static unsigned int get_number(FILE *fp)

static unsigned int get_number255(FILE *fp, unsigned int maxval)
{
-    unsigned int val = get_number(fp);
+    unsigned int val;
+
+    if (!maxval)
+	die("Corrupted maxval\n");

Please be consistent with other places reporting errors, e.g.

    die("%s: invalid maxval zero\n", filename);

This looks like a strange place to check the validity of maxval.
What about checking if right after its assignment?
To avoid duplicating code, you can create a helper:

    static unsigned int get_maxval(FILE *fp)
    {
	unsigned int maxval = get_number(fp);

	if (!maxval)
	    die("%s: invalid maxval zero\n", filename);

	return maxval;
    }

and:

    /* Plain PGM */
-   maxval = get_number(fp);
+   maxval = get_maxval(fp);

and:

    /* Plain PPM */
-   maxval = get_number(fp);
+   maxval = get_maxval(fp);

+
+    val = get_number(fp);
    return (255*val+maxval/2)/maxval;
}

Gr{oetje,eeting}s,

						Geert

--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@xxxxxxxxxxxxxx

In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
							    -- Linus Torvalds



[Index of Archives]     [Linux SoC]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux