LibGfx: Protect against over-large bitmaps

author: Ben Wiederhake <BenWiederhake.GitHub@gmx.de> 2020-08-30 14:18:54 +0200
committer: Andreas Kling <kling@serenityos.org> 2020-09-12 00:13:29 +0200
commit: 52a797afdb047aaab9daaefbe7fe8a6ff5c129ba (patch)
tree: cf4606ba0ae659613c190354cee6b1f6afcb3f3c /Libraries
parent: 98bfcb4b5754948c921ed94851102883121eab5d (diff)
download: serenity-52a797afdb047aaab9daaefbe7fe8a6ff5c129ba.zip
1 files changed, 7 insertions, 2 deletions
diff --git a/Libraries/LibGfx/Bitmap.cpp b/Libraries/LibGfx/Bitmap.cpp
index cb8eb05aeb..8eceed6aaa 100644
--- a/Libraries/LibGfx/Bitmap.cpp
+++ b/Libraries/LibGfx/Bitmap.cpp
@@ -44,11 +44,16 @@
 
 namespace Gfx {
 
-static bool size_would_overflow(BitmapFormat format, const IntSize& size)
+static bool size_would_overflow(BitmapFormat, const IntSize& size)
 {
     if (size.width() < 0 || size.height() < 0)
         return true;
-    return Checked<size_t>::multiplication_would_overflow(size.width(), size.height(), Bitmap::bpp_for_format(format));
+    // This check is a bit arbitrary, but should protect us from most shenanigans:
+    if (size.width() >= 32768 || size.height() >= 32768)
+        return true;
+    // This check is absolutely necessary. Note that Bitmap::Bitmap always stores
+    // data as RGBA32 internally, so currently we ignore the indicated format.
+    return Checked<size_t>::multiplication_would_overflow(size.width(), size.height(), sizeof(RGBA32));
 }
 
 RefPtr<Bitmap> Bitmap::create(BitmapFormat format, const IntSize& size)
author	Ben Wiederhake <BenWiederhake.GitHub@gmx.de>	2020-08-30 14:18:54 +0200
committer	Andreas Kling <kling@serenityos.org>	2020-09-12 00:13:29 +0200
commit	52a797afdb047aaab9daaefbe7fe8a6ff5c129ba (patch)
tree	cf4606ba0ae659613c190354cee6b1f6afcb3f3c /Libraries
parent	98bfcb4b5754948c921ed94851102883121eab5d (diff)
download	serenity-52a797afdb047aaab9daaefbe7fe8a6ff5c129ba.zip