From 15ffda3bcd697e6f3a0cc13e141da865f36f3b53 Mon Sep 17 00:00:00 2001
From: Campbell Barton <ideasman42@gmail.com>
Date: Wed, 11 Nov 2020 16:14:09 +1100
Subject: Fix T82602: checking image header reads past buffer bounds

Use the size argument to ensure checking the header doesn't read
past the buffer bounds when reading corrupt/truncated headers
from image files.
---
 source/blender/imbuf/intern/openexr/openexr_api.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'source/blender/imbuf/intern/openexr')

diff --git a/source/blender/imbuf/intern/openexr/openexr_api.cpp b/source/blender/imbuf/intern/openexr/openexr_api.cpp
index 467454ddb7a..56188fbe98a 100644
--- a/source/blender/imbuf/intern/openexr/openexr_api.cpp
+++ b/source/blender/imbuf/intern/openexr/openexr_api.cpp
@@ -330,8 +330,12 @@ extern "C" {
  * Test presence of OpenEXR file.
  * \param mem: pointer to loaded OpenEXR bitstream
  */
-bool imb_is_a_openexr(const unsigned char *mem, const size_t UNUSED(size))
+bool imb_is_a_openexr(const unsigned char *mem, const size_t size)
 {
+  /* No define is exposed for this size. */
+  if (size < 4) {
+    return false;
+  }
   return Imf::isImfMagic((const char *)mem);
 }
 
-- 
cgit v1.2.3