Skip to content
Permalink
Browse files Browse the repository at this point in the history
Make line_no with too large value(2**20) invalid. Fixes #124
  • Loading branch information
syoyo committed Jul 7, 2019
1 parent 2a5eac4 commit a685e33
Showing 1 changed file with 15 additions and 1 deletion.
16 changes: 15 additions & 1 deletion tinyexr.h
Expand Up @@ -472,7 +472,7 @@ extern int LoadEXRFromMemory(float **out_rgba, int *width, int *height,
#include <cstring>
#include <sstream>

// #include <iostream> // debug
//#include <iostream> // debug

#include <limits>
#include <string>
Expand Down Expand Up @@ -7013,6 +7013,11 @@ static void swap2(unsigned short *val) {
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunused-function"
#endif

#ifdef __GNUC__
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wunused-function"
#endif
static void cpy4(int *dst_val, const int *src_val) {
unsigned char *dst = reinterpret_cast<unsigned char *>(dst_val);
const unsigned char *src = reinterpret_cast<const unsigned char *>(src_val);
Expand Down Expand Up @@ -7046,6 +7051,10 @@ static void cpy4(float *dst_val, const float *src_val) {
#pragma clang diagnostic pop
#endif

#ifdef __GNUC__
#pragma GCC diagnostic pop
#endif

static void swap4(unsigned int *val) {
#ifdef MINIZ_LITTLE_ENDIAN
(void)val;
Expand Down Expand Up @@ -10949,6 +10958,11 @@ static int DecodeChunk(EXRImage *exr_image, const EXRHeader *exr_header,

if (size_t(data_len) > data_size) {
invalid_data = true;

} else if ((line_no > (2 << 20)) || (line_no < -(2 << 20))) {
// Too large value. Assume this is invalid
// 2**20 = 1048576 = heuristic value.
invalid_data = true;
} else if (data_len == 0) {
// TODO(syoyo): May be ok to raise the threshold for example `data_len
// < 4`
Expand Down

0 comments on commit a685e33

Please sign in to comment.