minetest/irrlicht
1
0
Fork 0
mirror of https://github.com/minetest/irrlicht.git synced 2025-06-28 14:26:06 +02:00
Code Issues Projects Releases Wiki Activity

Fix crash with large jpg files.

Browse Source 
Based somewhat on a patch in Minetest from sfan5 594de99153
There might be more problems which may be the reason they checked for other values in Minetest, but don't have more info for now and so far this works.
Forum: https://irrlicht.sourceforge.io/forum/viewtopic.php?f=2&t=52819&p=306518

git-svn-id: svn://svn.code.sf.net/p/irrlicht/code/trunk@6385 dfc29bdd-3216-0410-991c-e03cc46cb475
This commit is contained in:
cutealien
2022-05-06 16:00:26 +00:00
parent 156463da4f
commit 76d013d9d6
2 changed files with 17 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
source/Irrlicht/CImageLoaderJPG.cpp
View File

@ -145,10 +145,13 @@ IImage* CImageLoaderJPG::loadImage(io::IReadFile* file) const
return 0;
core::stringc filename = file->getFileName();
long fileSize = file->getSize();
if ( fileSize < 3 )
return 0;
u8 **rowPtr=0;
u8* input = new u8[file->getSize()];
file->read(input, file->getSize());
u8* input = new u8[fileSize];
file->read(input, fileSize);
// allocate and initialize JPEG decompression object
struct jpeg_decompress_struct cinfo;
@ -188,7 +191,7 @@ IImage* CImageLoaderJPG::loadImage(io::IReadFile* file) const
jpeg_source_mgr jsrc;
// Set up data pointer
jsrc.bytes_in_buffer = file->getSize();
jsrc.bytes_in_buffer = fileSize;
jsrc.next_input_byte = (JOCTET*)input;
cinfo.src = &jsrc;
@ -225,10 +228,17 @@ IImage* CImageLoaderJPG::loadImage(io::IReadFile* file) const
jpeg_start_decompress(&cinfo);
// Get image data
u16 rowspan = cinfo.image_width * cinfo.out_color_components;
u32 rowspan = cinfo.image_width * cinfo.out_color_components;
u32 width = cinfo.image_width;
u32 height = cinfo.image_height;
if ( width > JPEG_MAX_DIMENSION || height > JPEG_MAX_DIMENSION )
{
os::Printer::log("Image dimensions too large for JPG in file", filename, ELL_WARNING);
longjmp(jerr.setjmp_buffer, 1);
}
// Allocate memory for buffer
u8* output = new u8[rowspan * height];
@ -237,7 +247,7 @@ IImage* CImageLoaderJPG::loadImage(io::IReadFile* file) const
// Create array of row pointers for lib
rowPtr = new u8* [height];
for( u32 i = 0; i < height; i++ )
for( size_t i = 0; i < height; i++ )
rowPtr[i] = &output[ i * rowspan ];
u32 rowsRead = 0;
@ -246,6 +256,7 @@ IImage* CImageLoaderJPG::loadImage(io::IReadFile* file) const
rowsRead += jpeg_read_scanlines( &cinfo, &rowPtr[rowsRead], cinfo.output_height - rowsRead );
delete [] rowPtr;
rowPtr = 0;
// Finish decompression
jpeg_finish_decompress(&cinfo);