Welcome to mirror list, hosted at ThFree Co, Russian Federation.

git.blender.org/blender.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/source/blender/blendthumb/src/blendthumb_extract.cc
diff options
context:
space:
mode:
Diffstat (limited to 'source/blender/blendthumb/src/blendthumb_extract.cc')
-rw-r--r--source/blender/blendthumb/src/blendthumb_extract.cc8
1 files changed, 6 insertions, 2 deletions
diff --git a/source/blender/blendthumb/src/blendthumb_extract.cc b/source/blender/blendthumb/src/blendthumb_extract.cc
index de1f50dfdce..fff1242f2ce 100644
--- a/source/blender/blendthumb/src/blendthumb_extract.cc
+++ b/source/blender/blendthumb/src/blendthumb_extract.cc
@@ -121,6 +121,9 @@ static eThumbStatus blendthumb_extract_from_file_impl(FileReader *file,
while (file_read(file, bhead_data, bhead_size)) {
/* Parse type and size from `BHead`. */
const int32_t block_size = bytes_to_native_i32(&bhead_data[4], endian_switch);
+ if (UNLIKELY(block_size < 0)) {
+ return BT_INVALID_THUMB;
+ }
/* We're looking for the thumbnail, so skip any other block. */
switch (*((int32_t *)bhead_data)) {
@@ -133,8 +136,9 @@ static eThumbStatus blendthumb_extract_from_file_impl(FileReader *file,
thumb->height = bytes_to_native_i32(&shape[4], endian_switch);
/* Verify that image dimensions and data size make sense. */
- size_t data_size = block_size - 8;
- const size_t expected_size = thumb->width * thumb->height * 4;
+ size_t data_size = block_size - sizeof(shape);
+ const uint64_t expected_size = static_cast<uint64_t>(thumb->width) *
+ static_cast<uint64_t>(thumb->height) * 4;
if (thumb->width < 0 || thumb->height < 0 || data_size != expected_size) {
return BT_INVALID_THUMB;
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 16:05:47 +0300