diff options
| author | Campbell Barton <ideasman42@gmail.com> | 2020-11-11 08:14:09 +0300 |
|---|---|---|
| committer | Campbell Barton <ideasman42@gmail.com> | 2020-11-11 08:14:09 +0300 |
| commit | 15ffda3bcd697e6f3a0cc13e141da865f36f3b53 (patch) | |
| tree | f98d9fc831f18a9194818f5428466884654e802b /source/blender/imbuf/intern/oiio | |
| parent | 2d60845786aeab099c61ffa42b7f72cccc68bff1 (diff) | |
Fix T82602: checking image header reads past buffer bounds
Use the size argument to ensure checking the header doesn't read
past the buffer bounds when reading corrupt/truncated headers
from image files.
Diffstat (limited to 'source/blender/imbuf/intern/oiio')
| -rw-r--r-- | source/blender/imbuf/intern/oiio/openimageio_api.cpp | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/source/blender/imbuf/intern/oiio/openimageio_api.cpp b/source/blender/imbuf/intern/oiio/openimageio_api.cpp index 9f27ac96e6d..1e8c3c25778 100644 --- a/source/blender/imbuf/intern/oiio/openimageio_api.cpp +++ b/source/blender/imbuf/intern/oiio/openimageio_api.cpp @@ -163,9 +163,12 @@ static ImBuf *imb_oiio_load_image_float( extern "C" { -bool imb_is_a_photoshop(const unsigned char *mem, size_t UNUSED(size)) +bool imb_is_a_photoshop(const unsigned char *mem, size_t size) { const unsigned char magic[4] = {'8', 'B', 'P', 'S'}; + if (size < sizeof(magic)) { + return false; + } return memcmp(magic, mem, sizeof(magic)) == 0; } |