1 |
diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c |
2 |
index 924d3d1..3abf140 100644 |
3 |
--- a/gdk-pixbuf/io-ico.c |
4 |
+++ b/gdk-pixbuf/io-ico.c |
5 |
@@ -318,10 +318,7 @@ static void DecodeHeader(guchar *Data, gint Bytes, |
6 |
return; |
7 |
} |
8 |
|
9 |
- /* We know how many bytes are in the "header" part. */ |
10 |
- State->HeaderSize = entry->DIBoffset + 40; /* 40 = sizeof(InfoHeader) */ |
11 |
- |
12 |
- if (State->HeaderSize < 0) { |
13 |
+ if (entry->DIBoffset > G_MAXINT - 40) { |
14 |
g_set_error (error, |
15 |
GDK_PIXBUF_ERROR, |
16 |
GDK_PIXBUF_ERROR_CORRUPT_IMAGE, |
17 |
@@ -329,6 +326,9 @@ static void DecodeHeader(guchar *Data, gint Bytes, |
18 |
return; |
19 |
} |
20 |
|
21 |
+ /* We know how many bytes are in the "header" part. */ |
22 |
+ State->HeaderSize = entry->DIBoffset + 40; |
23 |
+ |
24 |
if (State->HeaderSize>State->BytesInHeaderBuf) { |
25 |
guchar *tmp=g_try_realloc(State->HeaderBuf,State->HeaderSize); |
26 |
if (!tmp) { |