mirror of
https://github.com/UberGames/ioef.git
synced 2024-11-24 13:11:30 +00:00
integer overflow safeguards
This commit is contained in:
parent
4eec54c338
commit
f65dbd4351
1 changed files with 14 additions and 6 deletions
|
@ -23,6 +23,11 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
|||
|
||||
#include "../qcommon/puff.h"
|
||||
|
||||
// we could limit the png size to a lower value here
|
||||
#ifndef INT_MAX
|
||||
#define INT_MAX 0x1fffffff
|
||||
#endif
|
||||
|
||||
/*
|
||||
=================
|
||||
PNG LOADING
|
||||
|
@ -287,7 +292,7 @@ static void CloseBufferedFile(struct BufferedFile *BF)
|
|||
* Get a pointer to the requested bytes.
|
||||
*/
|
||||
|
||||
static void *BufferedFileRead(struct BufferedFile *BF, int Length)
|
||||
static void *BufferedFileRead(struct BufferedFile *BF, unsigned Length)
|
||||
{
|
||||
void *RetVal;
|
||||
|
||||
|
@ -329,9 +334,9 @@ static void *BufferedFileRead(struct BufferedFile *BF, int Length)
|
|||
* Rewind the buffer.
|
||||
*/
|
||||
|
||||
static qboolean BufferedFileRewind(struct BufferedFile *BF, int Offset)
|
||||
static qboolean BufferedFileRewind(struct BufferedFile *BF, unsigned Offset)
|
||||
{
|
||||
int BytesRead;
|
||||
unsigned BytesRead;
|
||||
|
||||
/*
|
||||
* input verification
|
||||
|
@ -346,7 +351,7 @@ static qboolean BufferedFileRewind(struct BufferedFile *BF, int Offset)
|
|||
* special trick to rewind to the beginning of the buffer
|
||||
*/
|
||||
|
||||
if(Offset == -1)
|
||||
if(Offset == (unsigned)-1)
|
||||
{
|
||||
BF->Ptr = BF->Buffer;
|
||||
BF->BytesLeft = BF->Length;
|
||||
|
@ -383,7 +388,7 @@ static qboolean BufferedFileRewind(struct BufferedFile *BF, int Offset)
|
|||
* Skip some bytes.
|
||||
*/
|
||||
|
||||
static qboolean BufferedFileSkip(struct BufferedFile *BF, int Offset)
|
||||
static qboolean BufferedFileSkip(struct BufferedFile *BF, unsigned Offset)
|
||||
{
|
||||
/*
|
||||
* input verification
|
||||
|
@ -2041,10 +2046,13 @@ void LoadPNG(const char *name, byte **pic, int *width, int *height)
|
|||
* Check if Width and Height are valid.
|
||||
*/
|
||||
|
||||
if(!((IHDR_Width > 0) && (IHDR_Height > 0)))
|
||||
if(!((IHDR_Width > 0) && (IHDR_Height > 0))
|
||||
|| IHDR_Width > INT_MAX / Q3IMAGE_BYTESPERPIXEL / IHDR_Height)
|
||||
{
|
||||
CloseBufferedFile(ThePNG);
|
||||
|
||||
Com_Printf(S_COLOR_YELLOW "%s: invalid image size\n", name);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue