diff options
| author | Sean Fox <dyntryx@gmail.com> | 2009-01-17 23:41:52 +0000 |
|---|---|---|
| committer | Sean Fox <dyntryx@gmail.com> | 2009-01-17 23:41:52 +0000 |
| commit | 0ca7a81788db6f3c97974ccaf2e0f11c1bb78081 (patch) | |
| tree | 67cefc48ec7e0f9249c52971cd92f87fd867115a | |
| parent | 8bb4a9dcda81a0107f08ae95de556df0c293a55f (diff) | |
| download | libnsbmp-0ca7a81788db6f3c97974ccaf2e0f11c1bb78081.tar.gz libnsbmp-0ca7a81788db6f3c97974ccaf2e0f11c1bb78081.tar.bz2 | |
Boundary check the bitmap offset. Kudos to Joonas Pihlaja.
svn path=/trunk/libnsbmp/; revision=6120
| -rw-r--r-- | libnsbmp.c | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -171,6 +171,10 @@ bmp_result bmp_analyse(bmp_image *bmp, size_t size, unsigned char *cdata) { bmp->bitmap_offset = read_uint32(data, 10); data += BMP_FILE_HEADER_SIZE; + /* boundary checking */ + if (bmp->bitmap_offset >= size) + return BMP_INSUFFICIENT_DATA; + /* decode the BMP header */ return bmp_analyse_header(bmp, data); } |