[Commits] SDL_image: xcf: check for some potential integer overflows.

libsdl.org revision control commits-owner at libsdl.org
Wed Feb 7 13:29:56 PST 2018


details:   https://hg.libsdl.org/SDL_image/rev/fb643e371806
changeset: 569:fb643e371806
user:      Ryan C. Gordon <icculus at icculus.org>
date:      Wed Feb 07 16:29:51 2018 -0500
description:
xcf: check for some potential integer overflows.

diffstat:

 IMG_xcf.c |  12 ++++++++++++
 1 files changed, 12 insertions(+), 0 deletions(-)

diffs (22 lines):

diff -r c5f9cbb5d2bb -r fb643e371806 IMG_xcf.c
--- a/IMG_xcf.c	Wed Feb 07 16:18:54 2018 -0500
+++ b/IMG_xcf.c	Wed Feb 07 16:29:51 2018 -0500
@@ -595,6 +595,18 @@
     SDL_RWseek(src, layer->hierarchy_file_offset, RW_SEEK_SET);
     hierarchy = read_xcf_hierarchy(src);
 
+    if (hierarchy->bpp > 4) {  /* unsupported. */
+        SDL_Log("Unknown Gimp image bpp (%u)\n", (unsigned int) hierarchy->bpp);
+        free_xcf_hierarchy(hierarchy);
+        return 1;
+    }
+
+    if ((hierarchy->width > 20000) || (hierarchy->height > 20000)) {  /* arbitrary limit to avoid integer overflow. */
+        SDL_Log("Gimp image too large (%ux%u)\n", (unsigned int) hierarchy->width, (unsigned int) hierarchy->height);
+        free_xcf_hierarchy(hierarchy);
+        return 1;
+    }
+
     level = NULL;
     for (i = 0; hierarchy->level_file_offsets[i]; i++) {
         SDL_RWseek(src, hierarchy->level_file_offsets[i], RW_SEEK_SET);
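Review bot: The new `hierarchy->bpp` test dereferences the result of `read_xcf_hierarchy(src)` with no NULL check. That helper's body is outside this hunk, so if it can return NULL on a short read or failed allocation, a truncated file would fault here; a guard such as `if (!hierarchy) return 1;` before the first check would cover it. Both checks are upper bounds only, so a file-supplied `bpp`, `width` or `height` of 0 still passes. Unless later code tolerates zero, the first test could be `if ((hierarchy->bpp == 0) || (hierarchy->bpp > 4))`, with the same treatment for the dimensions. These limits apply only to the hierarchy header; the per-level data reached through `level_file_offsets[i]` in the loop below is also read from the file and presumably needs its own bounds. The enclosing function starts and ends outside the hunk, so the allocation sizes that the 20000 limit is meant to protect cannot be confirmed from here.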

