summaryrefslogtreecommitdiff
path: root/Libraries/LibGfx
diff options
context:
space:
mode:
authorBen Wiederhake <BenWiederhake.GitHub@gmx.de>2020-12-01 22:22:20 +0100
committerAndreas Kling <kling@serenityos.org>2020-12-02 10:46:40 +0100
commit6be9b6349d617315600d2d5bda63d896d133e8d1 (patch)
tree73b1d0d76a50a2f1e8286c7902a3b17e816d5acf /Libraries/LibGfx
parent461bdeda2b54e478cc77f13c96991949a286af30 (diff)
downloadserenity-6be9b6349d617315600d2d5bda63d896d133e8d1.zip
LibGfx: Prevent potential heap-overflow in BMP non-RLE
Diffstat (limited to 'Libraries/LibGfx')
-rw-r--r--Libraries/LibGfx/BMPLoader.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/Libraries/LibGfx/BMPLoader.cpp b/Libraries/LibGfx/BMPLoader.cpp
index 2e37c840a6..72bad19642 100644
--- a/Libraries/LibGfx/BMPLoader.cpp
+++ b/Libraries/LibGfx/BMPLoader.cpp
@@ -1200,7 +1200,7 @@ static bool decode_bmp_pixel_data(BMPLoadingContext& context)
return false;
}
- auto buffer = ByteBuffer::wrap(const_cast<u8*>(context.file_bytes + context.data_offset), context.file_size);
+ auto buffer = ByteBuffer::wrap(const_cast<u8*>(context.file_bytes + context.data_offset), context.file_size - context.data_offset);
if (context.dib.info.compression == Compression::RLE4 || context.dib.info.compression == Compression::RLE8
|| context.dib.info.compression == Compression::RLE24) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-16 14:41:23 +0000