minetest
/
irrlicht
mirror of https://github.com/minetest/irrlicht.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix TGA's with bad palette colors reading from behind palette memory 

TGA's can claim to use less palette colors than they later do.
We only support 8-bit palettes, so to make this safer lets just always allocate at least 256 bytes.
Thanks @erlehmann for report and testcase: https://irrlicht.sourceforge.io/forum/viewtopic.php?p=307191
Based on Minetest bug report: https://github.com/minetest/irrlicht/issues/236

git-svn-id: svn://svn.code.sf.net/p/irrlicht/code/trunk@6532 dfc29bdd-3216-0410-991c-e03cc46cb475
This commit is contained in:
cutealien 2023-09-23 16:34:42 +00:00 committed by sfan5
parent c01de80583
commit 05ebc43222
1 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
source/Irrlicht/CImageLoaderTGA.cpp
View File

@ -116,8 +116,17 @@ IImage* CImageLoaderTGA::loadImage(io::IReadFile* file) const
if (header.ColorMapType)
{
// create 32 bit palette
palette = new u32[ header.ColorMapLength];
// Create 32 bit palette
const irr::u16 paletteSize = core::max_((u16)256, header.ColorMapLength); // ColorMapLength can lie, but so far we only use palette for 8-bit, so ensure it has 256 entries
palette = new u32[paletteSize];
if( paletteSize > header.ColorMapLength )
{
// To catch images using palette colors with invalid indices
const irr::u32 errorCol = irr::video::SColor(255,255, 0, 205).color; // bright magenta
for ( irr::u16 i = header.ColorMapLength; i< paletteSize; ++i )
palette[i] = errorCol;
}
// read color map
u8 * colorMap = new u8[header.ColorMapEntrySize/8 * header.ColorMapLength];