mirror of
https://github.com/minetest/irrlicht.git
synced 2024-12-24 01:30:31 +01:00
Limit dimensions of all image loaders to 23000x23000
This commit is contained in:
parent
594de99153
commit
dbd39120e7
@ -13,6 +13,13 @@ namespace irr
|
||||
namespace video
|
||||
{
|
||||
|
||||
//! check sanity of image dimensions to prevent issues later, for use by CImageLoaders
|
||||
inline bool checkImageDimensions(u32 width, u32 height)
|
||||
{
|
||||
// 4 * 23000 * 23000 is just under S32_MAX
|
||||
return width <= 23000 && height <= 23000;
|
||||
}
|
||||
|
||||
//! IImage implementation with a lot of special image operations for
|
||||
//! 16 bit A1R5G5B5/32 Bit A8R8G8B8 images, which are used by the SoftwareDevice.
|
||||
class CImage : public IImage
|
||||
|
@ -252,6 +252,12 @@ IImage* CImageLoaderBMP::loadImage(io::IReadFile* file) const
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (header.BPP > 32 || !checkImageDimensions(header.Width, header.Height))
|
||||
{
|
||||
os::Printer::log("Rejecting BMP with unreasonable size or BPP.", ELL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
|
||||
// adjust bitmap data size to dword boundary
|
||||
header.BitmapDataSize += (4-(header.BitmapDataSize%4))%4;
|
||||
|
||||
|
@ -221,8 +221,8 @@ IImage* CImageLoaderJPG::loadImage(io::IReadFile* file) const
|
||||
cinfo.output_gamma=2.2;
|
||||
cinfo.do_fancy_upsampling=FALSE;
|
||||
|
||||
// reject unreasonable sizes (4 * 32000 * 32000 is just under U32_MAX)
|
||||
if (cinfo.image_width > 32000 || cinfo.image_height > 32000)
|
||||
// reject unreasonable sizes
|
||||
if (!checkImageDimensions(cinfo.image_width, cinfo.image_height))
|
||||
longjmp(jerr.setjmp_buffer, 1);
|
||||
|
||||
// Start decompressor
|
||||
|
@ -154,6 +154,9 @@ IImage* CImageLoaderPng::loadImage(io::IReadFile* file) const
|
||||
Height=h;
|
||||
}
|
||||
|
||||
if (!checkImageDimensions(Width, Height))
|
||||
png_cpexcept_error(png_ptr, "Unreasonable size");
|
||||
|
||||
// Convert palette color to true color
|
||||
if (ColorType==PNG_COLOR_TYPE_PALETTE)
|
||||
png_set_palette_to_rgb(png_ptr);
|
||||
|
@ -106,6 +106,12 @@ IImage* CImageLoaderTGA::loadImage(io::IReadFile* file) const
|
||||
header.ImageHeight = os::Byteswap::byteswap(header.ImageHeight);
|
||||
#endif
|
||||
|
||||
if (!checkImageDimensions(header.ImageWidth, header.ImageHeight))
|
||||
{
|
||||
os::Printer::log("Rejecting TGA with unreasonable size.", ELL_ERROR);
|
||||
return 0;
|
||||
}
|
||||
|
||||
// skip image identification field
|
||||
if (header.IdLength)
|
||||
file->seek(header.IdLength, true);
|
||||
|
Loading…
Reference in New Issue
Block a user