Review Request: Make TGAHandler to be stricter about supported files, makes Konqueror not to crash on http://www.hs.fi

Christoph Feck christoph at maxiom.de
Sun May 24 21:21:05 BST 2009 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://reviewboard.kde.org/r/756/#review1189
-----------------------------------------------------------


Looks good, not that I have any TGA files to test. If there are now TGA files that are not recognized, we need to adjust that, but better than crashing like now.

- Christoph


On 2009-05-23 17:17:30, Teemu Rytilahti wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://reviewboard.kde.org/r/756/
> -----------------------------------------------------------
> 
> (Updated 2009-05-23 17:17:30)
> 
> 
> Review request for kdelibs.
> 
> 
> Summary
> -------
> 
> Update kimgio's TGAHandler to be stricter about whether the file is supported or not + removes duplicate checks. Changes are based on the spec which can be found from here: http://www.ludorg.net/amnesia/TGA_File_Format_Spec.html
> 
> See the attached bugs for possible casualties of the not-so-strict checking, and you can also test http://www.hs.fi with Konqueror.
> 
> For a simpler test-case with Konqueror, try putting '<link href="http://www.hs.fi/static/hs3/css/hs-compressed.css" rel="stylesheet" type="text/css" media="all" />' to an HTML file and load it up on Konqueror, due to an empty url() in that CSS file, Konqueror/KHTML tries to find out who wants to load the file with an empty url and apparently goes through QImageIO to see if someone supports that data, TGAHandler's canRead() reports true and call to LoadTGA is made. That doesn't check whether the input is valid and kaboom, it crashes.
> 
> 
> This addresses bugs 189338 and 192191.
>     https://bugs.kde.org/show_bug.cgi?id=189338
>     https://bugs.kde.org/show_bug.cgi?id=192191
> 
> 
> Diffs
> -----
> 
>   /trunk/KDE/kdelibs/kimgio/tga.cpp 969090 
> 
> Diff: http://reviewboard.kde.org/r/756/diff
> 
> 
> Testing
> -------
> 
> Tested by using images from this site: http://www.fileformat.info/format/tga/sample/index.htm . Two of the 8-bit images do not work, but they did not do that earlier either. http://www.hs.fi does not crash anymore either.
> 
> 
> Thanks,
> 
> Teemu
> 
>

More information about the kde-core-devel mailing list