Browse Source

engine: imagelib: fix crash when chunk length is more than file size

pull/2/head
Alibek Omarov 2 years ago
parent
commit
9b001987e9
  1. 9
      engine/common/imagelib/img_png.c

9
engine/common/imagelib/img_png.c

@ -161,7 +161,14 @@ qboolean Image_LoadPNG( const char *name, const byte *buffer, fs_offset_t filesi
if( chunk_len > INT_MAX ) if( chunk_len > INT_MAX )
{ {
Con_DPrintf( S_ERROR "Image_LoadPNG: Found chunk with wrong size (%s)\n", name ); Con_DPrintf( S_ERROR "Image_LoadPNG: Found chunk with wrong size (%s)\n", name );
Mem_Free( idat_buf ); if( idat_buf ) Mem_Free( idat_buf );
return false;
}
if( chunk_len > filesize - ( buf_p - buffer ))
{
Con_DPrintf( S_ERROR "Image_LoadPNG: Found chunk with size past file size (%s)\n", name );
if( idat_buf ) Mem_Free( idat_buf );
return false; return false;
} }

Loading…
Cancel
Save