YGGverse
/
xash3d-fwgs
mirror of https://github.com/YGGverse/xash3d-fwgs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

engine: imagelib: img_bmp: add paranoid checks for estimated file size to not exceed real buffer. Needs proper testing.

pull/2/head
Alibek Omarov 5 years ago
parent
371cfc1cce
commit
a641488b98
1 changed files with 29 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 32
      engine/common/imagelib/img_bmp.c

32
engine/common/imagelib/img_bmp.c
Unescape View File

@ -31,8 +31,13 @@ qboolean Image_LoadBMP( const char *name, const byte *buffer, fs_offset_t filesi @@ -31,8 +31,13 @@ qboolean Image_LoadBMP( const char *name, const byte *buffer, fs_offset_t filesi
int reflectivity[3] = { 0, 0, 0 };
qboolean load_qfont = false;
bmp_t bhdr;
fs_offset_t estimatedSize;
if( filesize < sizeof( bhdr )) return false;
if( filesize < sizeof( bhdr ))
{
Con_Reportf( S_ERROR "Image_LoadBMP: %s have incorrect file size %li should be greater than %li (header)\n", name, filesize, sizeof( bhdr ) );
return false;
}
buf_p = (byte *)buffer;
memcpy( &bhdr, buf_p, sizeof( bmp_t ));
@ -97,6 +102,13 @@ qboolean Image_LoadBMP( const char *name, const byte *buffer, fs_offset_t filesi @@ -97,6 +102,13 @@ qboolean Image_LoadBMP( const char *name, const byte *buffer, fs_offset_t filesi
else cbPalBytes = bhdr.colors * sizeof( rgba_t );
}
estimatedSize = ( buf_p - buffer ) + cbPalBytes;
if( filesize < estimatedSize )
{
Con_Reportf( S_ERROR "Image_LoadBMP: %s have incorrect file size %li should be greater than %li (palette)\n", name, filesize, estimatedSize );
return false;
}
memcpy( palette, buf_p, cbPalBytes );
// setup gradient alpha for player decal
@ -143,8 +155,6 @@ qboolean Image_LoadBMP( const char *name, const byte *buffer, fs_offset_t filesi @@ -143,8 +155,6 @@ qboolean Image_LoadBMP( const char *name, const byte *buffer, fs_offset_t filesi
}
buf_p += cbPalBytes;
image.size = image.width * image.height * bpp;
image.rgba = Mem_Malloc( host.imagepool, image.size );
bps = image.width * (bhdr.bitsPerPixel >> 3);
switch( bhdr.bitsPerPixel )
@ -164,6 +174,22 @@ qboolean Image_LoadBMP( const char *name, const byte *buffer, fs_offset_t filesi @@ -164,6 +174,22 @@ qboolean Image_LoadBMP( const char *name, const byte *buffer, fs_offset_t filesi
break;
}
estimatedSize = ( buf_p - buffer ) + ( image.width + padSize ) * image.height * ( bhdr.bitsPerPixel >> 3 );
if( filesize < estimatedSize )
{
if( image.palette )
{
Mem_Free( image.palette );
image.palette = NULL;
}
Con_Reportf( S_ERROR "Image_LoadBMP: %s have incorrect file size %li should be greater than %li (pixels)\n", name, filesize, estimatedSize );
return false;
}
image.size = image.width * image.height * bpp;
image.rgba = Mem_Malloc( host.imagepool, image.size );
for( row = rows - 1; row >= 0; row-- )
{
pixbuf = image.rgba + (row * columns * bpp);

Write Preview
Loading…
Cancel
Save