diff options
author | Brecht Van Lommel <brechtvanlommel@gmail.com> | 2018-01-15 01:26:31 +0300 |
---|---|---|
committer | Brecht Van Lommel <brechtvanlommel@gmail.com> | 2018-01-17 22:25:42 +0300 |
commit | 07aed404cfb2759f97c60b9f64d8a9392dabaf1a (patch) | |
tree | ae47bdb684d0fbc8928dd2c011ca24a7fbfcb0d7 /source/blender/blenkernel | |
parent | d30cc1ea0b9ba64d8a1e22105528b6cb8077692c (diff) |
Fix buffer overflow vulernability in thumbnail file reading.
Fixes CVE-2017-2908 from T52924.
Differential Revision: https://developer.blender.org/D3001
Diffstat (limited to 'source/blender/blenkernel')
-rw-r--r-- | source/blender/blenkernel/BKE_main.h | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source/blender/blenkernel/BKE_main.h b/source/blender/blenkernel/BKE_main.h index 387045878f3..d8318bfcf5d 100644 --- a/source/blender/blenkernel/BKE_main.h +++ b/source/blender/blenkernel/BKE_main.h @@ -145,7 +145,8 @@ typedef struct Main { #define BLEN_THUMB_SIZE 128 -#define BLEN_THUMB_MEMSIZE(_x, _y) (sizeof(BlendThumbnail) + (size_t)((_x) * (_y)) * sizeof(int)) +#define BLEN_THUMB_MEMSIZE(_x, _y) (sizeof(BlendThumbnail) + ((size_t)(_x) * (size_t)(_y)) * sizeof(int)) +#define BLEN_THUMB_SAFE_MEMSIZE(_x, _y) ((uint64_t)_x * (uint64_t)_y < (SIZE_MAX / (sizeof(int) * 4))) #ifdef __cplusplus } |