Fix potential BMP stack overflow (Issue #453)
1 parent 86d1543, commit 27d0898
Showing 2 changed files with 5 additions and 0 deletions.
Are there consequences if `depth` is negative? How about `info_size`? etc. Thanks
@setharnold `info_size` and `depth` are both unsigned values in the file. In the case of `info_size`, the consequence of a 32-bit unsigned value being interpreted as a 32-bit signed value (when `int` is 32-bits) will be that the extra image information will not be skipped and you'll end up with bogus image data embedded in the output. For `depth` I only support specific values (1, 4, 8, and 24) - an unsupported value will result in a blank image. I should probably change this to return an error but it isn't critical.
@setharnold The bogus data comes from the file - this doesn't cause any weird memory accesses, it will just mean that the reader will look for colormap and image data inside the extra image information area and populate the pixel array accordingly. More than likely the output will contain a garbage rectangle but it will be safe garbage with no out-of-bounds memory accesses.
@michaelrsweet beautiful, thanks! :)