# HG changeset patch # User Matti Hamalainen # Date 1560713585 -10800 # Node ID c7495fcaffa92017f795bc77ba914468be91b5fa # Parent fe974f670d1d7f15a3e6433588bfe416672174e7 Check image dimensions when loading PPM/PNG/PCX/IFF images. diff -r fe974f670d1d -r c7495fcaffa9 tools/libgfx.c --- a/tools/libgfx.c Sat Jun 15 22:53:25 2019 +0300 +++ b/tools/libgfx.c Sun Jun 16 22:33:05 2019 +0300 @@ -1005,6 +1005,13 @@ dmMsg(2, "PPM: %d x %d, type=%d\n", width, height, itype); + // Check image dimensions + if (width == 0 || height == 0) + { + return dmError(DMERR_INVALID_DATA, + "PPM: Invalid image dimensions.\n"); + } + if ((*pimg = img = dmImageAlloc(width, height, itype, -1)) == NULL) { res = dmError(DMERR_MALLOC, @@ -1258,11 +1265,13 @@ png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, &color_type, NULL, NULL, NULL); + dmMsg(2, "PNG: %d x %d, bit_depth=%d, color_type=%d\n", + width, height, bit_depth, color_type); + if (width < 1 || height < 1) { res = dmError(DMERR_INVALID_DATA, - "PNG: Invalid width or height (%d x %d)\n", - width, height); + "PNG: Invalid image dimensions.\n"); goto error; } @@ -1786,6 +1795,14 @@ "PCX: nplanes=%d, bpp=%d, bpl=%d, isPaletted=%s\n", hdr.nplanes, hdr.bitsPerPlane, hdr.bpl, isPaletted ? "yes" : "no"); + // Check image dimensions + if (hdr.xmin > hdr.xmax || hdr.ymin > hdr.ymax) + { + res = dmError(DMERR_INVALID_DATA, + "PCX: Invalid image dimensions.\n"); + goto error; + } + if (hdr.nplanes < 1 || hdr.nplanes > 8) { res = dmError(DMERR_NOT_SUPPORTED, @@ -2451,6 +2468,13 @@ dmMsg(2, "IFF: %s chunk size %d bytes\n", chunk.idStr, chunk.size); + // Check image dimensions + if (iff.bmhd.w == 0 || iff.bmhd.h == 0) + { + return dmError(DMERR_INVALID_DATA, + "IFF: Invalid image dimensions.\n"); + } + // Allocate image if ((*pimg = dmImageAlloc(iff.bmhd.w, iff.bmhd.h, iff.bmhd.nplanes <= 8 ? DM_PIXFMT_PALETTE : DM_PIXFMT_RGBA,