diff options
author | Peter Kim <pk15950@gmail.com> | 2022-09-08 07:00:12 +0300 |
---|---|---|
committer | Peter Kim <pk15950@gmail.com> | 2022-09-08 07:00:12 +0300 |
commit | 00dcfdf916c69672210b006e62d966f1bc2fbeb7 (patch) | |
tree | 0cbb1b91fe26c750197126085b74224a795a103c /source/blender/blendthumb/src/blendthumb_extract.cc | |
parent | a39532670f6b668da7be5810fb1f844b82feeba3 (diff) | |
parent | d5934974219135102f364f57c45a8b1465e2b8d9 (diff) |
Merge branch 'master' into xr-devxr-dev
Diffstat (limited to 'source/blender/blendthumb/src/blendthumb_extract.cc')
-rw-r--r-- | source/blender/blendthumb/src/blendthumb_extract.cc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/source/blender/blendthumb/src/blendthumb_extract.cc b/source/blender/blendthumb/src/blendthumb_extract.cc index de1f50dfdce..fff1242f2ce 100644 --- a/source/blender/blendthumb/src/blendthumb_extract.cc +++ b/source/blender/blendthumb/src/blendthumb_extract.cc @@ -121,6 +121,9 @@ static eThumbStatus blendthumb_extract_from_file_impl(FileReader *file, while (file_read(file, bhead_data, bhead_size)) { /* Parse type and size from `BHead`. */ const int32_t block_size = bytes_to_native_i32(&bhead_data[4], endian_switch); + if (UNLIKELY(block_size < 0)) { + return BT_INVALID_THUMB; + } /* We're looking for the thumbnail, so skip any other block. */ switch (*((int32_t *)bhead_data)) { @@ -133,8 +136,9 @@ static eThumbStatus blendthumb_extract_from_file_impl(FileReader *file, thumb->height = bytes_to_native_i32(&shape[4], endian_switch); /* Verify that image dimensions and data size make sense. */ - size_t data_size = block_size - 8; - const size_t expected_size = thumb->width * thumb->height * 4; + size_t data_size = block_size - sizeof(shape); + const uint64_t expected_size = static_cast<uint64_t>(thumb->width) * + static_cast<uint64_t>(thumb->height) * 4; if (thumb->width < 0 || thumb->height < 0 || data_size != expected_size) { return BT_INVALID_THUMB; } |