Fix T99711: Eternal loop reading blend file thumbnail

Account for negative BHead length (already handled by blend file loading).
author: Campbell Barton <campbell@blender.org> 2022-07-15 07:47:18 +0300
committer: Thomas Dinges <blender@dingto.org> 2022-07-15 15:55:56 +0300
commit: 24a2b5cb1292f769dd86e314471443976d5e9512 (patch)
tree: fe40c32b4bc88bf487100098c11b4a04d086dd1a
parent: 32df09b2416a6961704eca0fe73534c8c4e715b2 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/source/blender/blendthumb/src/blendthumb_extract.cc b/source/blender/blendthumb/src/blendthumb_extract.cc
index 369da559fc8..163197c8b67 100644
--- a/source/blender/blendthumb/src/blendthumb_extract.cc
+++ b/source/blender/blendthumb/src/blendthumb_extract.cc
@@ -121,6 +121,9 @@ static eThumbStatus blendthumb_extract_from_file_impl(FileReader *file,
   while (file_read(file, bhead_data, bhead_size)) {
     /* Parse type and size from `BHead`. */
     const int32_t block_size = bytes_to_native_i32(&bhead_data[4], endian_switch);
+    if (UNLIKELY(block_size < 0)) {
+      return BT_INVALID_THUMB;
+    }
 
     /* We're looking for the thumbnail, so skip any other block. */
     switch (*((int32_t *)bhead_data)) {
author	Campbell Barton <campbell@blender.org>	2022-07-15 07:47:18 +0300
committer	Thomas Dinges <blender@dingto.org>	2022-07-15 15:55:56 +0300
commit	24a2b5cb1292f769dd86e314471443976d5e9512 (patch)
tree	fe40c32b4bc88bf487100098c11b4a04d086dd1a
parent	32df09b2416a6961704eca0fe73534c8c4e715b2 (diff)