xcf: check for some potential integer overflows.
icculus committed Feb 7, 2018
1 parent 4e006ad commit f9ad754
Showing 1 changed file with 12 additions and 0 deletions.
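--- a/IMG_xcf.c
+++ b/IMG_xcf.c
@@ -595,6 +595,18 @@ do_layer_surface(SDL_Surface * surface, SDL_RWops * src, xcf_header * head, xcf_
 SDL_RWseek(src, layer->hierarchy_file_offset, RW_SEEK_SET);
 hierarchy = read_xcf_hierarchy(src);
 
+if (hierarchy->bpp > 4) { /* unsupported. */
+SDL_Log("Unknown Gimp image bpp (%u)\n", (unsigned int) hierarchy->bpp);
+free_xcf_hierarchy(hierarchy);
+return 1;
+}
+
+if ((hierarchy->width > 20000) || (hierarchy->height > 20000)) { /* arbitrary limit to avoid integer overflow. */
+SDL_Log("Gimp image too large (%ux%u)\n", (unsigned int) hierarchy->width, (unsigned int) hierarchy->height);
+free_xcf_hierarchy(hierarchy);
+return 1;
+}
+
 level = NULL;
 for (i = 0; hierarchy->level_file_offsets[i]; i++) {
 SDL_RWseek(src, hierarchy->level_file_offsets[i], RW_SEEK_SET);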
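Review bot: The new size check bounds only `hierarchy->width` and `hierarchy->height`, while the loop that begins right after it seeks to each `level_file_offsets[i]` and presumably reads a separate level record from the same untrusted file; if buffer sizes further down are computed from per-level or tile dimensions rather than the hierarchy's, those values need the same limit or the overflow stays reachable. The checks also accept `bpp == 0` and zero dimensions, which is worth rejecting here if later code divides by or allocates from them, e.g. `if ((hierarchy->bpp == 0) || (hierarchy->bpp > 4)) {`. The `20000` would read better as a named constant whose comment names the product it protects, for instance `#define XCF_MAX_DIMENSION 20000 /* keeps width * height * bpp below 2^31 */`, assuming that is the multiplication the author had in mind. do_layer_surface starts and ends outside this hunk, so the downstream arithmetic could not be verified from here.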