From 619cb58dd90b4e03ac68286c70ed98acbefd1c90 Mon Sep 17 00:00:00 2001 From: David Tschumperle Date: Thu, 7 Apr 2022 12:43:39 +0200 Subject: [PATCH] CImg<>::load_bmp() and CImg<>::load_pandore(): Check that dimensions encoded in file does not exceed file size. --- CImg.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/CImg.h b/CImg.h index 9dc5a551..5a049749 100644 --- a/CImg.h +++ b/CImg.h @@ -53184,6 +53184,7 @@ namespace cimg_library_suffixed { "load_bmp(): Specified filename is (null).", cimg_instance); + const ulongT fsiz = file?cimg::type::max():(ulongT)cimg::fsize(filename); std::FILE *const nfile = file?file:cimg::fopen(filename,"rb"); CImg header(54); cimg::fread(header._data,54,nfile); @@ -53220,6 +53221,12 @@ namespace cimg_library_suffixed { cimg_iobuffer = (ulongT)24*1024*1024, buf_size = (ulongT)cimg::abs(dy)*(dx_bytes + align_bytes); + if (buf_size>fsiz) + throw CImgIOException(_cimg_instance + "load_bmp(): File size %lu for filename '%s' does not match encoded image dimensions (%d,%d).", + cimg_instance, + (long)fsiz,filename?filename:"(FILE*)",dx,dy); + CImg colormap; if (bpp<16) { if (!nb_colors) nb_colors = 1<fsiz) \ + throw CImgIOException(_cimg_instance \ + "load_pandore(): File size %lu for filename '%s' does not match encoded image dimensions (%d,%d,%d,%d).",\ + cimg_instance,\ + (long)fsiz,filename?filename:"(FILE*)",(int)nwidth,(int)nheight,(int)ndepth,(int)ndim); \ assign(nwidth,nheight,ndepth,ndim); \ const size_t siz = size(); \ stype *buffer = new stype[siz]; \ @@ -55049,6 +55061,7 @@ namespace cimg_library_suffixed { "load_pandore(): Specified filename is (null).", cimg_instance); + const ulongT fsiz = file?cimg::type::max():(ulongT)cimg::fsize(filename); std::FILE *const nfile = file?file:cimg::fopen(filename,"rb"); CImg header(32); cimg::fread(header._data,12,nfile);