asgardius/virtualx-engine
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Merge pull request #46555 from gongpha/line-ptr-more-than-size-bmp

Browse source 
Check if the line pointer goes away from the image buffer's EOF in the BMP importer
This commit is contained in:
Rémi Verschelde 2021-10-03 17:41:43 +02:00 committed by GitHub
commit 66ab3ce954
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
modules/bmp/image_loader_bmp.cpp
View file

@ -91,11 +91,13 @@ Error ImageLoaderBMP::convert_to_image(Ref<Image> p_image,
// the data width in case of 8/4/1 bit images // the data width in case of 8/4/1 bit images
const uint32_t w = bits_per_pixel >= 24 ? width : width_bytes; const uint32_t w = bits_per_pixel >= 24 ? width : width_bytes;
const uint8_t *line = p_buffer + (line_width * (height - 1)); const uint8_t *line = p_buffer + (line_width * (height - 1));
const uint8_t *end_buffer = p_buffer + p_header.bmp_file_header.bmp_file_size - p_header.bmp_file_header.bmp_file_offset;
for (uint64_t i = 0; i < height; i++) { for (uint64_t i = 0; i < height; i++) {
const uint8_t *line_ptr = line; const uint8_t *line_ptr = line;
for (unsigned int j = 0; j < w; j++) { for (unsigned int j = 0; j < w; j++) {
ERR_FAIL_COND_V(line_ptr >= end_buffer, ERR_FILE_CORRUPT);
switch (bits_per_pixel) { switch (bits_per_pixel) {
case 1: { case 1: {
uint8_t color_index = *line_ptr; uint8_t color_index = *line_ptr;