@@ -107,6 +107,9 @@ jas_image_t *bmp_decode(jas_stream_t *in, char *optstr)
107107 uint_fast16_t numcmpts ;
108108 long n ;
109109
110+ image = 0 ;
111+ info = 0 ;
112+
110113 if (optstr ) {
111114 jas_eprintf ("warning: ignoring BMP decoder options\n" );
112115 }
@@ -121,7 +124,8 @@ jas_image_t *bmp_decode(jas_stream_t *in, char *optstr)
121124 /* Read the bitmap header. */
122125 if (bmp_gethdr (in , & hdr )) {
123126 jas_eprintf ("cannot get header\n" );
124- return 0 ;
127+ goto error ;
128+ //return 0;
125129 }
126130 JAS_DBGLOG (1 , (
127131 "BMP header: magic 0x%x; siz %d; res1 %d; res2 %d; off %d\n" ,
@@ -131,33 +135,46 @@ jas_image_t *bmp_decode(jas_stream_t *in, char *optstr)
131135 /* Read the bitmap information. */
132136 if (!(info = bmp_getinfo (in ))) {
133137 jas_eprintf ("cannot get info\n" );
134- return 0 ;
138+ //return 0;
139+ goto error ;
135140 }
136141 JAS_DBGLOG (1 ,
137- ("BMP information: len %d; width %d; height %d; numplanes %d; "
138- "depth %d; enctype %d; siz %d; hres %d; vres %d; numcolors %d; "
139- "mincolors %d\n" , info -> len , info -> width , info -> height , info -> numplanes ,
140- info -> depth , info -> enctype , info -> siz , info -> hres , info -> vres ,
141- info -> numcolors , info -> mincolors ));
142+ ("BMP information: len %ld; width %ld; height %ld; numplanes %d; "
143+ "depth %d; enctype %ld; siz %ld; hres %ld; vres %ld; numcolors %ld; "
144+ "mincolors %ld\n" , JAS_CAST (long , info -> len ),
145+ JAS_CAST (long , info -> width ), JAS_CAST (long , info -> height ),
146+ JAS_CAST (long , info -> numplanes ), JAS_CAST (long , info -> depth ),
147+ JAS_CAST (long , info -> enctype ), JAS_CAST (long , info -> siz ),
148+ JAS_CAST (long , info -> hres ), JAS_CAST (long , info -> vres ),
149+ JAS_CAST (long , info -> numcolors ), JAS_CAST (long , info -> mincolors )));
150+
151+ if (info -> width < 0 || info -> height < 0 || info -> numplanes < 0 ||
152+ info -> depth < 0 || info -> siz < 0 || info -> hres < 0 || info -> vres < 0 ) {
153+ jas_eprintf ("corrupt bit stream\n" );
154+ goto error ;
155+ }
142156
143157 /* Ensure that we support this type of BMP file. */
144158 if (!bmp_issupported (& hdr , info )) {
145159 jas_eprintf ("error: unsupported BMP encoding\n" );
146- bmp_info_destroy (info );
147- return 0 ;
160+ //bmp_info_destroy(info);
161+ //return 0;
162+ goto error ;
148163 }
149164
150165 /* Skip over any useless data between the end of the palette
151166 and start of the bitmap data. */
152167 if ((n = hdr .off - (BMP_HDRLEN + BMP_INFOLEN + BMP_PALLEN (info ))) < 0 ) {
153168 jas_eprintf ("error: possibly bad bitmap offset?\n" );
154- return 0 ;
169+ goto error ;
170+ //return 0;
155171 }
156172 if (n > 0 ) {
157173 jas_eprintf ("skipping unknown data in BMP file\n" );
158174 if (bmp_gobble (in , n )) {
159- bmp_info_destroy (info );
160- return 0 ;
175+ //bmp_info_destroy(info);
176+ //return 0;
177+ goto error ;
161178 }
162179 }
163180
@@ -179,8 +196,9 @@ jas_image_t *bmp_decode(jas_stream_t *in, char *optstr)
179196 /* Create image object. */
180197 if (!(image = jas_image_create (numcmpts , cmptparms ,
181198 JAS_CLRSPC_UNKNOWN ))) {
182- bmp_info_destroy (info );
183- return 0 ;
199+ //bmp_info_destroy(info);
200+ //return 0;
201+ goto error ;
184202 }
185203
186204 if (numcmpts == 3 ) {
@@ -199,14 +217,24 @@ jas_image_t *bmp_decode(jas_stream_t *in, char *optstr)
199217
200218 /* Read the bitmap data. */
201219 if (bmp_getdata (in , info , image )) {
202- bmp_info_destroy (info );
203- jas_image_destroy (image );
204- return 0 ;
220+ //bmp_info_destroy(info);
221+ //jas_image_destroy(image);
222+ //return 0;
223+ goto error ;
205224 }
206225
207226 bmp_info_destroy (info );
208227
209228 return image ;
229+
230+ error :
231+ if (info ) {
232+ bmp_info_destroy (info );
233+ }
234+ if (image ) {
235+ jas_image_destroy (image );
236+ }
237+ return 0 ;
210238}
211239
212240int bmp_validate (jas_stream_t * in )
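Review bot: The new sign check (new lines 151–155) covers width, height, numplanes, depth, siz, hres and vres but not `info->numcolors` or `info->mincolors`, and numcolors appears to feed `BMP_PALLEN(info)` in the offset computation just below (the macro body is not shown here, so confirm). A negative colour count read from the file could skew `n` before the `n < 0` test and the `bmp_gobble(in, n)` call; adding `info->numcolors < 0 || info->mincolors < 0 ||` to the condition would close that. The check also rejects only negative values, so any upper bound on width and height has to come from code outside these hunks. Separately, the reworked `JAS_DBGLOG` format still prints `numplanes %d; depth %d` while both arguments are now `JAS_CAST(long, ...)`; those two specifiers should be `%ld`. The commented-out `//return 0;` and `//bmp_info_destroy(info);` lines can be dropped now that the `error:` label owns the cleanup.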