mirror of
https://github.com/minetest/irrlicht.git
synced 2025-01-11 18:40:18 +01:00
Add checks for sane image sizes in some image loaders (bmp, jpg, tga, png)
Thanks @sfan5 for the original patch (got modified a bit): dbd39120e7
Forum: https://irrlicht.sourceforge.io/forum/viewtopic.php?f=2&t=52819&p=306518
Those are the common formats, but rest of image loaders should also call this some day.
git-svn-id: svn://svn.code.sf.net/p/irrlicht/code/trunk@6387 dfc29bdd-3216-0410-991c-e03cc46cb475
This commit is contained in:
parent
72b1522083
commit
cfde879801
@ -1,6 +1,8 @@
|
||||
--------------------------
|
||||
Changes in 1.9 (not yet released)
|
||||
|
||||
- Add checks for sane image sizes in some image loaders (so far: bmp, jpg, tga, png).
|
||||
Thanks @sfan5 for the original patch (got modified a bit): https://github.com/minetest/irrlicht/commit/dbd39120e7ed8c0c97e48e2df62347627f3c1d42
|
||||
- Add IImage::checkDataSizeLimit and make IImage getDataSizeFromFormat return size_t so image loaders can check if sizes are sane.
|
||||
- Fix crash with large jpg files. Based somewhat on a patch in Minetest from sfan5 https://github.com/minetest/irrlicht/commit/594de9915346a87f67cd94e28c7933993efb5d3b
|
||||
- COSOperator::getSystemMemory now returns some value on OSX (thought same for total and available).
|
||||
|
@ -313,6 +313,13 @@ IImage* CImageLoaderBMP::loadImage(io::IReadFile* file) const
|
||||
dim.Height = header.Height;
|
||||
|
||||
IImage* image = 0;
|
||||
|
||||
if ( !IImage::checkDataSizeLimit( (size_t)header.Width*header.Height*header.BPP) )
|
||||
{
|
||||
os::Printer::log("Image dimensions too large for file", file->getFileName(), ELL_WARNING);
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
switch(header.BPP)
|
||||
{
|
||||
case 1:
|
||||
@ -348,7 +355,7 @@ IImage* CImageLoaderBMP::loadImage(io::IReadFile* file) const
|
||||
};
|
||||
|
||||
// clean up
|
||||
|
||||
cleanup:
|
||||
delete [] paletteData;
|
||||
delete [] bmpData;
|
||||
|
||||
|
@ -232,9 +232,11 @@ IImage* CImageLoaderJPG::loadImage(io::IReadFile* file) const
|
||||
u32 width = cinfo.image_width;
|
||||
u32 height = cinfo.image_height;
|
||||
|
||||
if ( width > JPEG_MAX_DIMENSION || height > JPEG_MAX_DIMENSION )
|
||||
if ( width > JPEG_MAX_DIMENSION || height > JPEG_MAX_DIMENSION
|
||||
|| !IImage::checkDataSizeLimit(IImage::getDataSizeFromFormat(ECF_R8G8B8, width, height))
|
||||
)
|
||||
{
|
||||
os::Printer::log("Image dimensions too large for JPG in file", filename, ELL_WARNING);
|
||||
os::Printer::log("Image dimensions too large in file", filename, ELL_ERROR);
|
||||
longjmp(jerr.setjmp_buffer, 1);
|
||||
}
|
||||
|
||||
|
@ -158,6 +158,9 @@ IImage* CImageLoaderPng::loadImage(io::IReadFile* file) const
|
||||
Height=h;
|
||||
}
|
||||
|
||||
if (!IImage::checkDataSizeLimit((size_t)Width* Height * (BitDepth/8)))
|
||||
png_cpexcept_error(png_ptr, "Image dimensions too large");
|
||||
|
||||
// Convert palette color to true color
|
||||
if (ColorType==PNG_COLOR_TYPE_PALETTE)
|
||||
png_set_palette_to_rgb(png_ptr);
|
||||
|
@ -106,6 +106,12 @@ IImage* CImageLoaderTGA::loadImage(io::IReadFile* file) const
|
||||
header.ImageHeight = os::Byteswap::byteswap(header.ImageHeight);
|
||||
#endif
|
||||
|
||||
if (!IImage::checkDataSizeLimit((size_t)header.ImageWidth* header.ImageHeight * (header.PixelDepth/8)))
|
||||
{
|
||||
os::Printer::log("Image dimensions too large in file.", file->getFileName(), ELL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
|
||||
// skip image identification field
|
||||
if (header.IdLength)
|
||||
file->seek(header.IdLength, true);
|
||||
|
Loading…
Reference in New Issue
Block a user