diff options
author | Ray Molenkamp <github@lazydodo.com> | 2022-07-14 21:18:35 +0300 |
---|---|---|
committer | Ray Molenkamp <github@lazydodo.com> | 2022-07-14 21:18:35 +0300 |
commit | b1329d7eaa52a11c73b75d19d20bd8f6d11ac535 (patch) | |
tree | 8429c2d47058d8e0a193d235ce884b3101d7200f /source/blender/blendthumb | |
parent | 9fedcde750bb1f6fbbdc00f8086b12f1fd523231 (diff) |
Fix T99705: fix integer overflow in thumbnail extractor
It was smart enough to check if the buffer had the right
size but neglected to cast to a 64 bit value so it
overflowed.
Differential Revision: https://developer.blender.org/D15457
Reviewed By: brecht
Diffstat (limited to 'source/blender/blendthumb')
-rw-r--r-- | source/blender/blendthumb/src/blendthumb_extract.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source/blender/blendthumb/src/blendthumb_extract.cc b/source/blender/blendthumb/src/blendthumb_extract.cc index de1f50dfdce..369da559fc8 100644 --- a/source/blender/blendthumb/src/blendthumb_extract.cc +++ b/source/blender/blendthumb/src/blendthumb_extract.cc @@ -134,7 +134,8 @@ static eThumbStatus blendthumb_extract_from_file_impl(FileReader *file, /* Verify that image dimensions and data size make sense. */ size_t data_size = block_size - 8; - const size_t expected_size = thumb->width * thumb->height * 4; + const uint64_t expected_size = static_cast<uint64_t>(thumb->width) * + static_cast<uint64_t>(thumb->height) * 4; if (thumb->width < 0 || thumb->height < 0 || data_size != expected_size) { return BT_INVALID_THUMB; } |