[Bf-blender-cvs] [b1329d7eaa5] master: Fix T99705: fix integer overflow in thumbnail extractor
Ray Molenkamp
noreply at git.blender.org
Thu Jul 14 20:18:03 CEST 2022
Commit: b1329d7eaa52a11c73b75d19d20bd8f6d11ac535
Author: Ray Molenkamp
Date: Thu Jul 14 12:18:35 2022 -0600
Branches: master
https://developer.blender.org/rBb1329d7eaa52a11c73b75d19d20bd8f6d11ac535
Fix T99705: fix integer overflow in thumbnail extractor
It was smart enough to check if the buffer had the right
size but neglected to cast to a 64 bit value so it
overflowed.
Differential Revision: https://developer.blender.org/D15457
Reviewed By: brecht
===================================================================
M source/blender/blendthumb/src/blendthumb_extract.cc
===================================================================
diff --git a/source/blender/blendthumb/src/blendthumb_extract.cc b/source/blender/blendthumb/src/blendthumb_extract.cc
index de1f50dfdce..369da559fc8 100644
--- a/source/blender/blendthumb/src/blendthumb_extract.cc
+++ b/source/blender/blendthumb/src/blendthumb_extract.cc
@@ -134,7 +134,8 @@ static eThumbStatus blendthumb_extract_from_file_impl(FileReader *file,
/* Verify that image dimensions and data size make sense. */
size_t data_size = block_size - 8;
- const size_t expected_size = thumb->width * thumb->height * 4;
+ const uint64_t expected_size = static_cast<uint64_t>(thumb->width) *
+ static_cast<uint64_t>(thumb->height) * 4;
if (thumb->width < 0 || thumb->height < 0 || data_size != expected_size) {
return BT_INVALID_THUMB;
}
More information about the Bf-blender-cvs
mailing list