From 07aed404cfb2759f97c60b9f64d8a9392dabaf1a Mon Sep 17 00:00:00 2001 From: Brecht Van Lommel Date: Sun, 14 Jan 2018 23:26:31 +0100 Subject: Fix buffer overflow vulernability in thumbnail file reading. Fixes CVE-2017-2908 from T52924. Differential Revision: https://developer.blender.org/D3001 --- source/blender/blenkernel/BKE_main.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source/blender/blenkernel/BKE_main.h') diff --git a/source/blender/blenkernel/BKE_main.h b/source/blender/blenkernel/BKE_main.h index 387045878f3..d8318bfcf5d 100644 --- a/source/blender/blenkernel/BKE_main.h +++ b/source/blender/blenkernel/BKE_main.h @@ -145,7 +145,8 @@ typedef struct Main { #define BLEN_THUMB_SIZE 128 -#define BLEN_THUMB_MEMSIZE(_x, _y) (sizeof(BlendThumbnail) + (size_t)((_x) * (_y)) * sizeof(int)) +#define BLEN_THUMB_MEMSIZE(_x, _y) (sizeof(BlendThumbnail) + ((size_t)(_x) * (size_t)(_y)) * sizeof(int)) +#define BLEN_THUMB_SAFE_MEMSIZE(_x, _y) ((uint64_t)_x * (uint64_t)_y < (SIZE_MAX / (sizeof(int) * 4))) #ifdef __cplusplus } -- cgit v1.2.3