[Commits] SDL_image: bmp: don't overflow palette buffer with bogus biClrUs...

libsdl.org revision control commits-owner at libsdl.org
Wed Jan 24 10:12:13 PST 2018


details:   https://hg.libsdl.org/SDL_image/rev/37445f6180a8
changeset: 559:37445f6180a8
user:      Ryan C. Gordon <icculus at icculus.org>
date:      Wed Jan 24 13:12:07 2018 -0500
description:
bmp: don't overflow palette buffer with bogus biClrUsed values.

diffstat:

 IMG_bmp.c |  5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diffs (15 lines):

diff -r a1e9b624ca10 -r 37445f6180a8 IMG_bmp.c
--- a/IMG_bmp.c	Wed Jan 24 13:02:04 2018 -0500
+++ b/IMG_bmp.c	Wed Jan 24 13:12:07 2018 -0500
@@ -760,6 +760,11 @@
         if (biClrUsed == 0) {
             biClrUsed = 1 << biBitCount;
         }
+        if (biClrUsed > SDL_arraysize(palette)) {
+            IMG_SetError("Unsupported or incorrect biClrUsed field");
+            was_error = SDL_TRUE;
+            goto done;
+        }
         for (i = 0; i < (int) biClrUsed; ++i) {
             SDL_RWread(src, &palette[i], 4, 1);
         }


More information about the commits mailing list