LibGfx/BMPLoader: Ensure DIB size and offset are within expected range

Tim Ledbetter 2023-10-08 13:53:51 +01:00 committed by Andreas Kling
parent 127f6ed6eb
commit bc6638682d


@ -832,7 +832,17 @@ static ErrorOr<void> decode_bmp_dib(BMPLoadingContext& context)
// NOTE: If this is a headless BMP (embedded on ICO files), then we can only infer the data_offset after we know the data table size.
// We are also assuming that no Extra bit masks are present
u32 dib_offset = context.is_included_in_ico ? dib_size : context.data_offset - header_size - 4;
u32 dib_offset = dib_size;
if (!context.is_included_in_ico) {
if (context.data_offset < header_size + 4u)
return Error::from_string_literal("Data offset too small");
dib_offset = context.data_offset - header_size - 4;
}
if (dib_offset >= context.file_size)
return Error::from_string_literal("DIB too large");
streamer = InputStreamer(context.file_bytes + header_size + 4, dib_offset);
dbgln_if(BMP_DEBUG, "BMP dib size: {}", dib_size);
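Review bot: The new `dib_offset >= context.file_size` check does not bound the end of the window that the next line hands to `InputStreamer`, because that window starts at `context.file_bytes + header_size + 4` rather than at the start of the file. A `dib_offset` just below `file_size` passes the check while `header_size + 4 + dib_offset` lies past the end of the buffer, so a malformed BMP or ICO could still lead to DIB reads beyond the file data unless an earlier check (not visible in this hunk) already rules that out. I would compare the window end instead, widened so the sum cannot wrap: `if (static_cast<u64>(dib_offset) + header_size + 4 > context.file_size)`. decode_bmp_dib begins and continues outside the hunk, so this should be confirmed against the earlier size checks in the function.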