From 0ca7a81788db6f3c97974ccaf2e0f11c1bb78081 Mon Sep 17 00:00:00 2001
From: Sean Fox
Date: Sat, 17 Jan 2009 23:41:52 +0000
Subject: Boundary check the bitmap offset. Kudos to Joonas Pihlaja.

svn path=/trunk/libnsbmp/; revision=6120
---
 libnsbmp.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libnsbmp.c b/libnsbmp.c
index 00b835c..ded7ff8 100644
--- a/libnsbmp.c
+++ b/libnsbmp.c
@@ -171,6 +171,10 @@ bmp_result bmp_analyse(bmp_image *bmp, size_t size, unsigned char *cdata) {
 bmp->bitmap_offset = read_uint32(data, 10);
 data += BMP_FILE_HEADER_SIZE;
 
+ /* boundary checking */
+ if (bmp->bitmap_offset >= size)
+ return BMP_INSUFFICIENT_DATA;
+
 /* decode the BMP header */
 return bmp_analyse_header(bmp, data);
 }
-- 
cgit v1.2.3
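Review bot: The added check `if (bmp->bitmap_offset >= size)` only establishes that the first byte of pixel data lies inside the buffer; it does not bound how many bytes are read from that offset onwards. The image dimensions are not known until `bmp_analyse_header()` has run, so the decode path still has to compare each row read against `size - bmp->bitmap_offset`; that code is outside this hunk, so whether it does cannot be confirmed from here. I would make the comment state the limit explicitly, e.g. `/* offset must lie inside the buffer; this does not bound the pixel data that follows */`. It may also be worth rejecting an offset below `BMP_FILE_HEADER_SIZE`, since pixel data cannot validly start inside the file header. The body of `bmp_analyse` begins before the hunk.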