Check the return value of fread to make sure the readed data is valid Bug 506207

commit: 4bad861322e754e6b8f0270d21920bb9d02e4495 [log] [tgz]
author: Jeff Muizelaar <jmuizelaar@mozilla.com> Tue Mar 29 22:48:33 2011 -0400
committer: Jeff Muizelaar <jmuizelaar@mozilla.com> Tue Mar 29 22:50:27 2011 -0400
tree: 86cf8269847e18cf7541af2a19ab34435d757023
parent: 02e88cecd09b2623fa6dd033daf272406e0962f9 [diff]
diff --git a/iccread.c b/iccread.c
index cfe3d13..88ef537 100644
--- a/iccread.c
+++ b/iccread.c

@@ -784,9 +784,11 @@
 	be32 length_be;
 	void *data;
 
-	fread(&length_be, sizeof(length), 1, file);
+	if (fread(&length_be, 1, sizeof(length_be), file) != sizeof(length_be))
+		return BAD_VALUE_PROFILE;
+
 	length = be32_to_cpu(length_be);
-	if (length > MAX_PROFILE_SIZE)
+	if (length > MAX_PROFILE_SIZE || length < sizeof(length_be))
 		return BAD_VALUE_PROFILE;
 
 	/* allocate room for the entire profile */
commit	4bad861322e754e6b8f0270d21920bb9d02e4495	[log] [tgz]
author	Jeff Muizelaar <jmuizelaar@mozilla.com>	Tue Mar 29 22:48:33 2011 -0400
committer	Jeff Muizelaar <jmuizelaar@mozilla.com>	Tue Mar 29 22:50:27 2011 -0400
tree	86cf8269847e18cf7541af2a19ab34435d757023
parent	02e88cecd09b2623fa6dd033daf272406e0962f9 [diff]