From 15ffda3bcd697e6f3a0cc13e141da865f36f3b53 Mon Sep 17 00:00:00 2001
From: Campbell Barton
Date: Wed, 11 Nov 2020 16:14:09 +1100
Subject: Fix T82602: checking image header reads past buffer bounds

Use the size argument to ensure checking the header doesn't read past the buffer bounds when reading corrupt/truncated headers from image files.
---
 source/blender/imbuf/intern/iris.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'source/blender/imbuf/intern/iris.c')
diff --git a/source/blender/imbuf/intern/iris.c b/source/blender/imbuf/intern/iris.c
index c27ac5754c7..112b95bf1a1 100644
--- a/source/blender/imbuf/intern/iris.c
+++ b/source/blender/imbuf/intern/iris.c
@@ -243,8 +243,11 @@ static void test_endian_zbuf(struct ImBuf *ibuf)
 /* this one is only def-ed once, strangely... */
 #define GSS(x) (((uchar *)(x))[1] << 8 | ((uchar *)(x))[0])
-bool imb_is_a_iris(const uchar *mem, size_t UNUSED(size))
+bool imb_is_a_iris(const uchar *mem, size_t size)
 {
+ if (size < 2) {
+ return false;
+ }
 return ((GS(mem) == IMAGIC) || (GSS(mem) == IMAGIC));
 }
--
cgit v1.2.3
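Review bot: The literal `2` in the new `if (size < 2)` guard is unexplained, and it is only correct while the magic test reads exactly two bytes. `GSS` above indexes `[0]` and `[1]`, but `GS` is defined outside this hunk, so its read width should be confirmed. I would put a comment above the check, for example `/* GS/GSS read mem[0] and mem[1]: need at least the 2-byte magic. */`. Passing this test shows only that the magic is readable, so the loader that parses the rest of the IRIS header presumably still needs its own length check against `size`, which this hunk does not show.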