diff options
| author | Campbell Barton <ideasman42@gmail.com> | 2020-11-11 08:14:09 +0300 |
|---|---|---|
| committer | Campbell Barton <ideasman42@gmail.com> | 2020-11-11 08:14:09 +0300 |
| commit | 15ffda3bcd697e6f3a0cc13e141da865f36f3b53 (patch) | |
| tree | f98d9fc831f18a9194818f5428466884654e802b /source/blender/imbuf/intern/jpeg.c | |
| parent | 2d60845786aeab099c61ffa42b7f72cccc68bff1 (diff) | |
Fix T82602: checking image header reads past buffer bounds
Use the size argument to ensure checking the header doesn't read
past the buffer bounds when reading corrupt/truncated headers
from image files.
Diffstat (limited to 'source/blender/imbuf/intern/jpeg.c')
| -rw-r--r-- | source/blender/imbuf/intern/jpeg.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/source/blender/imbuf/intern/jpeg.c b/source/blender/imbuf/intern/jpeg.c index 4a937738b52..93cdbbb1407 100644 --- a/source/blender/imbuf/intern/jpeg.c +++ b/source/blender/imbuf/intern/jpeg.c @@ -57,12 +57,13 @@ static ImBuf *ibJpegImageFromCinfo(struct jpeg_decompress_struct *cinfo, int fla static const uchar jpeg_default_quality = 75; static uchar ibuf_quality; -bool imb_is_a_jpeg(const unsigned char *mem, const size_t UNUSED(size)) +bool imb_is_a_jpeg(const unsigned char *mem, const size_t size) { - if ((mem[0] == 0xFF) && (mem[1] == 0xD8)) { - return 1; + const char magic[2] = {0xFF, 0xD8}; + if (size < sizeof(magic)) { + return false; } - return 0; + return memcmp(mem, magic, sizeof(magic)) == 0; } /*---------------------------------------------------------- |