[Bf-blender-cvs] [32df09b2416] blender-v3.2-release: Fix T99705: fix integer overflow in thumbnail extractor
Ray Molenkamp
noreply at git.blender.org
Fri Jul 15 15:04:21 CEST 2022
Commit: 32df09b2416a6961704eca0fe73534c8c4e715b2
Author: Ray Molenkamp
Date: Thu Jul 14 12:18:35 2022 -0600
Branches: blender-v3.2-release
https://developer.blender.org/rB32df09b2416a6961704eca0fe73534c8c4e715b2
Fix T99705: fix integer overflow in thumbnail extractor
It was smart enough to check if the buffer had the right
size but neglected to cast to a 64 bit value so it
overflowed.
Differential Revision: https://developer.blender.org/D15457
Reviewed By: brecht
===================================================================
M source/blender/blendthumb/src/blendthumb_extract.cc
===================================================================
diff --git a/source/blender/blendthumb/src/blendthumb_extract.cc b/source/blender/blendthumb/src/blendthumb_extract.cc
index de1f50dfdce..369da559fc8 100644
--- a/source/blender/blendthumb/src/blendthumb_extract.cc
+++ b/source/blender/blendthumb/src/blendthumb_extract.cc
@@ -134,7 +134,8 @@ static eThumbStatus blendthumb_extract_from_file_impl(FileReader *file,
/* Verify that image dimensions and data size make sense. */
size_t data_size = block_size - 8;
- const size_t expected_size = thumb->width * thumb->height * 4;
+ const uint64_t expected_size = static_cast<uint64_t>(thumb->width) *
+ static_cast<uint64_t>(thumb->height) * 4;
if (thumb->width < 0 || thumb->height < 0 || data_size != expected_size) {
return BT_INVALID_THUMB;
}
More information about the Bf-blender-cvs
mailing list