texconv: Updated PPM/PFM reader with explicit bounds check (#409)
This commit is contained in:
Chuck Walbourn
GitHub
Родитель
f58c30705b
Коммит
d0bcc504eb
|
|
@ -194,8 +194,11 @@ HRESULT __cdecl LoadFromPortablePixMap(
|
|||
if (*pData != '\n')
|
||||
return E_FAIL;
|
||||
|
||||
pData++;
|
||||
ppmSize--;
|
||||
if (ppmSize > 1)
|
||||
{
|
||||
pData++;
|
||||
ppmSize--;
|
||||
}
|
||||
|
||||
while (ppmSize > 0 && (pixels < pixelEnd))
|
||||
{
|
||||
|
|
@ -205,6 +208,10 @@ HRESULT __cdecl LoadFromPortablePixMap(
|
|||
| 0xff000000;
|
||||
|
||||
pData += 3;
|
||||
if (ppmSize < 3)
|
||||
{
|
||||
return HRESULT_FROM_WIN32(ERROR_HANDLE_EOF);
|
||||
}
|
||||
ppmSize -= 3;
|
||||
}
|
||||
|
||||
|
|
@ -254,14 +261,24 @@ HRESULT __cdecl LoadFromPortablePixMap(
|
|||
if (u == 0)
|
||||
return E_FAIL;
|
||||
|
||||
if (u > INT32_MAX)
|
||||
{
|
||||
return HRESULT_FROM_WIN32(ERROR_FILE_TOO_LARGE);
|
||||
}
|
||||
|
||||
width = u;
|
||||
break;
|
||||
|
||||
case PPM_HEIGHT:
|
||||
{
|
||||
if (u == 0)
|
||||
if (u == 0 || width == 0)
|
||||
return E_FAIL;
|
||||
|
||||
if (u > INT32_MAX)
|
||||
{
|
||||
return HRESULT_FROM_WIN32(ERROR_FILE_TOO_LARGE);
|
||||
}
|
||||
|
||||
if (metadata)
|
||||
{
|
||||
*metadata = {};
|
||||
|
|
@ -343,6 +360,11 @@ HRESULT __cdecl SaveToPortablePixMap(
|
|||
return HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED);
|
||||
}
|
||||
|
||||
if ((image.width > INT32_MAX) || (image.height > INT32_MAX))
|
||||
{
|
||||
return HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED);
|
||||
}
|
||||
|
||||
char header[256] = {};
|
||||
const int len = sprintf_s(header, "P6\n%zu %zu\n255\n", image.width, image.height);
|
||||
if (len == -1)
|
||||
|
|
@ -458,6 +480,10 @@ HRESULT __cdecl LoadFromPortablePixMapHDR(
|
|||
break;
|
||||
|
||||
pData += len + 1;
|
||||
if (pfmSize < (len + 1))
|
||||
{
|
||||
return HRESULT_FROM_WIN32(ERROR_HANDLE_EOF);
|
||||
}
|
||||
pfmSize -= len + 1;
|
||||
if (!pfmSize)
|
||||
return E_FAIL;
|
||||
|
|
@ -471,7 +497,16 @@ HRESULT __cdecl LoadFromPortablePixMapHDR(
|
|||
if (sscanf_s(dataStr, "%zu %zu%s", &width, &height, junkStr, 256) != 2)
|
||||
return E_FAIL;
|
||||
|
||||
if ((width > INT32_MAX) || (height > UINT32_MAX))
|
||||
{
|
||||
return HRESULT_FROM_WIN32(ERROR_FILE_TOO_LARGE);
|
||||
}
|
||||
|
||||
pData += len + 1;
|
||||
if (pfmSize < (len + 1))
|
||||
{
|
||||
return HRESULT_FROM_WIN32(ERROR_HANDLE_EOF);
|
||||
}
|
||||
pfmSize -= len + 1;
|
||||
if (!pfmSize)
|
||||
return E_FAIL;
|
||||
|
|
@ -488,6 +523,10 @@ HRESULT __cdecl LoadFromPortablePixMapHDR(
|
|||
break;
|
||||
|
||||
pData += len + 1;
|
||||
if (pfmSize < (len + 1))
|
||||
{
|
||||
return HRESULT_FROM_WIN32(ERROR_HANDLE_EOF);
|
||||
}
|
||||
pfmSize -= len + 1;
|
||||
if (!pfmSize)
|
||||
return E_FAIL;
|
||||
|
|
@ -502,6 +541,10 @@ HRESULT __cdecl LoadFromPortablePixMapHDR(
|
|||
const bool bigendian = (aspectRatio >= 0);
|
||||
|
||||
pData += len + 1;
|
||||
if (pfmSize < (len + 1))
|
||||
{
|
||||
return HRESULT_FROM_WIN32(ERROR_HANDLE_EOF);
|
||||
}
|
||||
pfmSize -= len + 1;
|
||||
if (!pfmSize)
|
||||
return E_FAIL;
|
||||
|
|
@ -636,6 +679,11 @@ HRESULT __cdecl SaveToPortablePixMapHDR(
|
|||
return HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED);
|
||||
}
|
||||
|
||||
if ((image.width > INT32_MAX) || (image.height > INT32_MAX))
|
||||
{
|
||||
return HRESULT_FROM_WIN32(ERROR_NOT_SUPPORTED);
|
||||
}
|
||||
|
||||
char header[256] = {};
|
||||
const int len = sprintf_s(header, "P%c\n%zu %zu\n-1.000000\n",
|
||||
(image.format == DXGI_FORMAT_R32_FLOAT) ? 'f' : 'F',
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче