libgd/tests/tga/heap_overflow.c
Pierre Joye 167ea1f4f0
Fix tests based on coverity reports (#819)
* Partial #818, unused arg

* Partial #818, init var

* partail #818, fix va_args usage

* partail #818, handle f* calls and avoid possible call to malloc with negative values

* partail #818, prevent double free

* partail #818, resource leak if test fail

* partail #818, null deref fix

* partail #818, avoid double free on fp failure

* Partial #818, fix error msg

* Partial #818, leak on error

* Partial #818, null deref

* Partial #818, avoid possible negative index on failure

* partial #818, does not free if we return if requested new size overflow

* partial #818, avoid double free, free where the alloc happened
2022-02-01 15:09:01 +07:00

62 lines
1.1 KiB
C

/**
* Test that crafted TGA files don't trigger OOB reads.
*/
#include "gd.h"
#include "gdtest.h"
static void check_file(char *basename);
static size_t read_test_file(char **buffer, char *basename);
int main()
{
check_file("heap_overflow_1.tga");
check_file("heap_overflow_2.tga");
return gdNumFailures();
}
static void check_file(char *basename)
{
gdImagePtr im;
char *buffer;
size_t size;
size = read_test_file(&buffer, basename);
im = gdImageCreateFromTgaPtr(size, (void *) buffer);
if (!gdTestAssert(im == NULL)) {
gdImageDestroy(im);
}
free(buffer);
}
static size_t read_test_file(char **buffer, char *basename)
{
char *filename;
FILE *fp;
size_t exp_size, act_size;
filename = gdTestFilePath2("tga", basename);
fp = fopen(filename, "rb");
gdTestAssert(fp != NULL);
fseek(fp, 0, SEEK_END);
exp_size = ftell(fp);
fseek(fp, 0, SEEK_SET);
*buffer = malloc(exp_size);
gdTestAssert(*buffer != NULL);
act_size = fread(*buffer, sizeof(**buffer), exp_size, fp);
gdTestAssert(act_size == exp_size);
fclose(fp);
free(filename);
return act_size;
}