diff --git a/src/pngimage.cpp b/src/pngimage.cpp index a6a039b6..113dcf4f 100644 --- a/src/pngimage.cpp +++ b/src/pngimage.cpp @@ -317,28 +317,29 @@ namespace Exiv2 { if( bDump ) { DataBuf dataBuf; - auto data = new byte[dataOffset + 1]; - data[dataOffset] = 0; - bufRead = io_->read(data,dataOffset); + enforce(static_cast(dataOffset) < static_cast(std::numeric_limits::max()), kerFailedToReadImageData); + DataBuf data(static_cast(dataOffset) + 1); + data.pData_[dataOffset] = 0; + bufRead = io_->read(data.pData_, static_cast(dataOffset)); enforce(bufRead == static_cast(dataOffset), kerFailedToReadImageData); io_->seek(restore, BasicIo::beg); - uint32_t name_l = static_cast(std::strlen(reinterpret_cast(data))) + - 1; // leading string length - enforce(name_l <= dataOffset, kerCorruptedMetadata); + size_t name_l = std::strlen(reinterpret_cast(data.pData_)) + + 1; // leading string length + enforce(name_l < dataOffset, kerCorruptedMetadata); - uint32_t start = name_l; + uint32_t start = static_cast(name_l); bool bLF = false; // decode the chunk bool bGood = false; if ( tEXt ) { - bGood = tEXtToDataBuf(data+name_l,dataOffset-name_l,dataBuf); + bGood = tEXtToDataBuf(data.pData_ + name_l, dataOffset-name_l, dataBuf); } if ( zTXt || iCCP ) { - bGood = zlibToDataBuf(data+name_l+1,dataOffset-name_l-1,dataBuf); // +1 = 'compressed' flag + bGood = zlibToDataBuf(data.pData_ + name_l + 1, dataOffset - name_l - 1, dataBuf); // +1 = 'compressed' flag } if ( iTXt ) { - bGood = (start+3) < dataOffset ; // good if not a nul chunk + bGood = (3 <= dataOffset) && (start < dataOffset-3); // good if not a nul chunk } if ( eXIf ) { bGood = true ;// eXIf requires no pre-processing) @@ -347,8 +348,8 @@ namespace Exiv2 { // format is content dependent if ( bGood ) { if ( bXMP ) { - while (start < dataOffset && !data[start]) start++; // skip leading nul bytes - out << data+start; // output the xmp + while (start < dataOffset && !data.pData_[start]) start++; // skip leading nul bytes + out << data.pData_ + start; // output the xmp } if ( bExif || bIptc ) { @@ -389,13 +390,12 @@ namespace Exiv2 { } if ( eXIf && option == kpsRecursive ) { // create memio object with the data, then print the structure - BasicIo::UniquePtr p = BasicIo::UniquePtr(new MemIo(data,dataOffset)); + BasicIo::UniquePtr p = BasicIo::UniquePtr(new MemIo(data.pData_, dataOffset)); printTiffStructure(*p,out,option,depth); } if ( bLF ) out << std::endl; } - delete[] data; } io_->seek(dataOffset+4, BasicIo::cur);// jump past checksum if (io_->error()) throw Error(kerFailedToReadImageData);