Lerking/gtk
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

gdkpng: Make the png loader safer against overflows

Browse Source 
Load images that result in a texture >4GB in size.

And now let me keep playing with my 60k x 60k image, thanks.
I'm trying to OOM my GPU.
This commit is contained in:
Benjamin Otte
2024-01-02 00:54:36 +01:00
parent 7742434dde
commit 3e4d0b69d4
1 changed files with 11 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
gdk/loaders/gdkpng.c
View File

@@ -137,8 +137,9 @@ gdk_load_png (GBytes *bytes,
png_struct *png = NULL;
png_info *info;
guint width, height;
gsize i, stride;
int depth, color_type;
int interlace, stride;
int interlace;
GdkMemoryFormat format;
guchar *buffer = NULL;
guchar **row_pointers = NULL;
@@ -263,9 +264,14 @@ gdk_load_png (GBytes *bytes,
}
bpp = gdk_memory_format_bytes_per_pixel (format);
stride = width * bpp;
if (stride % 8)
stride += 8 - stride % 8;
if (!g_size_checked_mul (&stride, width, bpp) ||
!g_size_checked_add (&stride, stride, (8 - stride % 8) % 8))
{
g_set_error (error,
GDK_TEXTURE_ERROR, GDK_TEXTURE_ERROR_TOO_LARGE,
_("Image stride too large for image size %ux%u"), width, height);
return NULL;
}
buffer = g_try_malloc_n (height, stride);
row_pointers = g_try_malloc_n (height, sizeof (char *));
@@ -281,7 +287,7 @@ gdk_load_png (GBytes *bytes,
return NULL;
}
for (int i = 0; i < height; i++)
for (i = 0; i < height; i++)
row_pointers[i] = &buffer[i * stride];
png_read_image (png, row_pointers);