diff options
author | Campbell Barton <ideasman42@gmail.com> | 2020-11-11 08:14:09 +0300 |
---|---|---|
committer | Campbell Barton <ideasman42@gmail.com> | 2020-11-11 08:14:09 +0300 |
commit | 15ffda3bcd697e6f3a0cc13e141da865f36f3b53 (patch) | |
tree | f98d9fc831f18a9194818f5428466884654e802b /source/blender/imbuf/intern/dds/dds_api.cpp | |
parent | 2d60845786aeab099c61ffa42b7f72cccc68bff1 (diff) |
Fix T82602: checking image header reads past buffer bounds
Use the size argument to ensure checking the header doesn't read
past the buffer bounds when reading corrupt/truncated headers
from image files.
Diffstat (limited to 'source/blender/imbuf/intern/dds/dds_api.cpp')
-rw-r--r-- | source/blender/imbuf/intern/dds/dds_api.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/source/blender/imbuf/intern/dds/dds_api.cpp b/source/blender/imbuf/intern/dds/dds_api.cpp index 78ce8b5ee9b..5687824f9fd 100644 --- a/source/blender/imbuf/intern/dds/dds_api.cpp +++ b/source/blender/imbuf/intern/dds/dds_api.cpp @@ -73,8 +73,11 @@ bool imb_save_dds(struct ImBuf *ibuf, const char *name, int /*flags*/) } /* note: use at most first 32 bytes */ -bool imb_is_a_dds(const unsigned char *mem, size_t UNUSED(size)) +bool imb_is_a_dds(const unsigned char *mem, const size_t size) { + if (size < 8) { + return false; + } /* heuristic check to see if mem contains a DDS file */ /* header.fourcc == FOURCC_DDS */ if ((mem[0] != 'D') || (mem[1] != 'D') || (mem[2] != 'S') || (mem[3] != ' ')) { |