From 4e1c690ea7b2163f64e3ca9dc25ca69bc75ee433 Mon Sep 17 00:00:00 2001 From: Thomas Martitz Date: Sun, 12 Jan 2014 23:13:45 +0100 Subject: skin_engine: Stricter checking for x, y, width, height for bar tags. Every theme that doesn't parse anymore now has broken values. I hope it's not too many of them. Change-Id: I6f52e55dc9197d0919f854240723a88f99c0b7da --- apps/gui/skin_engine/skin_parser.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/apps/gui/skin_engine/skin_parser.c b/apps/gui/skin_engine/skin_parser.c index 06b37d875c..a76a06ac61 100644 --- a/apps/gui/skin_engine/skin_parser.c +++ b/apps/gui/skin_engine/skin_parser.c @@ -922,30 +922,43 @@ static int parse_progressbar_tag(struct skin_element* element, /* (x, y, width, height, ...) */ if (!isdefault(param)) + { pb->x = param->data.number; + if (pb->x < 0 || pb->x >= vp->width) + return WPS_ERROR_INVALID_PARAM; + } else pb->x = 0; param++; if (!isdefault(param)) + { pb->y = param->data.number; + if (pb->y < 0 || pb->y >= vp->height) + return WPS_ERROR_INVALID_PARAM; + } else pb->y = -1; /* computed at rendering */ param++; if (!isdefault(param)) + { pb->width = param->data.number; + if (pb->width <= 0 || (pb->x + pb->width) > vp->width) + return WPS_ERROR_INVALID_PARAM; + } else pb->width = vp->width - pb->x; param++; if (!isdefault(param)) { - /* A zero height makes no sense - reject it */ - if (param->data.number == 0) - return WPS_ERROR_INVALID_PARAM; - + int max; pb->height = param->data.number; + /* include y in check only if it was non-default */ + max = (pb->y > 0) ? pb->y + pb->height : pb->height; + if (pb->height <= 0 || max > vp->height) + return WPS_ERROR_INVALID_PARAM; } else { -- cgit v1.2.3