Fix potential BMP stack overflow (Issue #453)
1 parent 86d1543, commit 27d0898
Showing 2 changed files with 5 additions and 0 deletions.
Are there consequences if `depth` is negative? How about `info_size`? etc. Thanks
@setharnold `info_size` and `depth` are both unsigned values in the file. In the case of `info_size`, the consequence of a 32-bit unsigned value being interpreted as a 32-bit signed value (when `int` is 32 bits) will be that the extra image information will not be skipped and you'll end up with bogus image data embedded in the output. For `depth` I only support specific values (1, 4, 8, and 24) - an unsupported value will result in a blank image. I should probably change this to return an error but it isn't critical.
@setharnold The bogus data comes from the file - this doesn't cause any weird memory accesses, it will just mean that the reader will look for colormap and image data inside the extra image information area and populate the pixel array accordingly. More than likely the output will contain a garbage rectangle but it will be safe garbage with no out-of-bounds memory accesses.
@michaelrsweet beautiful, thanks! :)
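The signed/unsigned point discussed in the thread above, as an added example that is not code from this commit or from the project: it contrasts a reader that holds `info_size` in a signed 32-bit `int` with a strict check that rejects out-of-range sizes and unsupported depths. The function names, the `> 40` skip test and the `remaining` parameter are assumptions for illustration; the 40-byte info header and the depth field at offset 14 follow the BMP format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INFO_HEADER_SIZE 40u /* size of a plain BITMAPINFOHEADER */

static uint32_t le32(const unsigned char *p) { /* fields are little-endian, unsigned */
  return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Constructed sample input: an info header carrying only size and depth. */
void make_info(unsigned char info[40], uint32_t size, uint16_t depth) {
  memset(info, 0, 40);
  for (int i = 0; i < 4; i++) info[i] = (unsigned char)(size >> (8 * i));
  info[14] = (unsigned char)(depth & 255);
  info[15] = (unsigned char)(depth >> 8);
}

/* Extra bytes a reader would skip if it held info_size in a signed 32-bit int
   (hypothetical reader). Values >= 0x80000000 turn negative on two's-complement
   targets, so the comparison fails and nothing is skipped. */
long extra_bytes_signed(const unsigned char *info) {
  int32_t info_size = (int32_t)le32(info);
  return info_size > 40 ? (long)info_size - 40 : 0;
}

/* Strict check: returns 0 and fills *extra and *depth, or -1 to reject the file.
   remaining = bytes left in the file after the 40-byte info header. */
int check_info(const unsigned char *info, size_t remaining, uint32_t *extra, unsigned *depth) {
  uint32_t info_size = le32(info);
  unsigned d = (unsigned)info[14] | (unsigned)info[15] << 8;
  if (info_size < INFO_HEADER_SIZE || info_size - INFO_HEADER_SIZE > remaining) return -1;
  if (d != 1 && d != 4 && d != 8 && d != 24) return -1; /* depths named in the reply */
  *extra = info_size - INFO_HEADER_SIZE;
  *depth = d;
  return 0;
}

int main(void) {
  unsigned char info[40];
  uint32_t extra = 0;
  unsigned depth = 0;
  make_info(info, 0x80000028u, 8); /* constructed oversized info_size */
  printf("signed reader skips %ld bytes; strict check returns %d\n",
         extra_bytes_signed(info), check_info(info, 1000, &extra, &depth));
  return 0;
}
```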