archive/blender-archive
Archived
1
1
Fork 0
Code Pull Requests Packages Activity

Fix T82602: checking image header reads past buffer bounds

Browse Source 
Use the size argument to ensure checking the header doesn't read
past the buffer bounds when reading corrupt/truncated headers
from image files.
This commit is contained in:
Campbell Barton
2020-11-11 16:14:09 +11:00
parent 2d60845786
commit 15ffda3bcd
14 changed files with 95 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
source/blender/imbuf/intern/dds/dds_api.cpp
View File

@@ -73,8 +73,11 @@ bool imb_save_dds(struct ImBuf *ibuf, const char *name, int /*flags*/)
}
/* note: use at most first 32 bytes */
bool imb_is_a_dds(const unsigned char *mem, size_t UNUSED(size))
bool imb_is_a_dds(const unsigned char *mem, const size_t size)
{
if (size < 8) {
return false;
}
/* heuristic check to see if mem contains a DDS file */
/* header.fourcc == FOURCC_DDS */
if ((mem[0] != 'D') || (mem[1] != 'D') || (mem[2] != 'S') || (mem[3] != ' ')) {