New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix BMP loading bug; fix problem accepting invalid image #228
base: master
Are you sure you want to change the base?
Conversation
@fire-eggs Kevin, this is a tricky one. I can't find the commit 4394942 in your fork anymore although the link to the commit still displays the comparison. The "Files changed" tab shows four parts:
|
Yes, part 1 you mention is irrelevant. Should I submit a new pull request? Only the changes in 4394942 are related. |
Not yet, please wait a moment. I'm going to post my comments to 2,3, and 4 shortly. Then we can decide how to proceed. |
According to MS docs this is correct. They say:
However, Wikipedia docs on BMP claim:
If this is correct the patch would exclude such - otherwise valid - images, i.e. if one of the reserved words is not 0. I tried to find such images but succeeded only with a few images that didn't have values other than 0 in these reserved words. After hex-editing one of the images (replacing the contents of the reserved words with arbitrary values) the modified image could not be loaded using the patch (which is obvious, but not a valid test for anything, I know). It would be interesting to find such non-MS-compliant images and try to open these images with different graphics applications including Microsoft's own image viewers etc.. Other than that, I believe that this check is too strict and should not be applied. To be continued... |
MS docs say:
The size of If I'm correct then this additional check would exclude all images that include a BITMAPV4HEADER or BITMAPV5HEADER structure, respectively. The existing code ignores the parts of these larger structures (see variable Again, I don't have any examples. Just analyzing the code. A better option would be to test for all (three) valid structure sizes. Maybe. Comments, ideas? To be continued... |
Part 4: short comment: I'm not sure. Generally the patch looks plausible (as said above), but ... In some cases we may need an This needs further investigation, I did not yet test if the patch has any consequences on this scenario or related issues. Just thinking out loud... OK, that's it for now, I'll watch this issue, but don't expect more replies today. @fire-eggs Thanks for all your suggestions and for considering my comments. |
PS: comments from others appreciated as well... |
RE: parts 2 and 3. I was attempting to address an obscure edge case which I stumbled across. Breaking support for entire classes of valid BMP files is not worth it. So I'd like to withdraw the suggested changes. RE: part 4: comments pending |
RE: part 4 I ran into this situation because I had an image which Issue A: Issue B: the possible return values from
I've not exercised 3(a) above, only 3(b), but I'm assuming the results would be the same. Issue C: test programs using I had to find my error image and make some tests to understand the implications of Issue C above. I've looked at most of the uses of
I hacked the
A similar set of error messages can be observed by attempting to load the "error image" using the On Windows there are no apparent errors or problems as a result of displaying the error image. Issue D : I feel that FLTK should not handle a Let me know if my changes to Wandered rather far afield from "attempting to check for a bad BMP file"... Thanks for listening! |
OK.
Thank you very much for the detailed analysis and the work and time (!) you invested. I'll need some time to reply with "real answers" and to provide my own thoughts. I'm also busy with some other stuff... But for now some historical facts: the This is certainly the reason why the FLTK libray (Fl_Help_View) and the test and demo programs don't check for I think what we need is twofold:
Specifying the correct behavior for previously undocumented cases is always hard to do. We need to consider whether the new specification has the potential to break old programs that (mis)used the corner cases or "just worked" anyway. |
Yes, I think this would be helpful. Can you please post a patch/diff ? |
Here you go. The change to
|
No urgency here. Thank you for prompt and regular feedback!
Ah yes, history. I wasn't aware Fl_Help_View predated the
I'm not one for touching code unnecessarily. My examination of uses of Fl_Shared_Image found that the FLTK source mostly checked for h / w / d being zero as the validity check. I think it is a valid check and doesn't need to be changed. Fl_Help_View is an exception as it only checks for null. Here is an opportunity to use the new method. I agree for the test and demo programs. |
I agree, thanks for this comment as well. |
See https://www.fltk.org/str.php?L2284 for a request on better EOF checking in BMPs. Edit (@Albrecht-S): simplified link. |
This is a two part fix.
Part 1: If given a text file which has the first two characters as "BM",
Fl_BMP_Image
will attempt to load that file as a valid bitmap file. Depending on what is in the text file,Fl_BMP_Image
will crash in various ways.The fix is to verify the existence of some required attributes of a valid Bitmap header and set the file's
fail()
state.Part 2: Having fixed the above bug, I then discovered that
Fl_Shared_Image
did not check thefail()
state, and proceeded to act as if the invalidFl_BMP_Image
was in fact valid.The fix here is to check the
fail()
state: in a failure situation, delete the invalid object, and continue iterating through the image handlers.