authorJelle Raaijmakers <jelle@gmta.nl>2023-01-15 18:35:56 +0100
committerJelle Raaijmakers <jelle@gmta.nl>2023-01-15 19:59:33 +0100
commit5ed53b347459ccc71dc52a05e09ac16294523b57 (patch)
tree92bf95bee8168656b6cf801afff39d75aa90f011 /Userland/Libraries
parent68fa8525bfd5fd43bcc15d3ad5179412e4b4af98 (diff)
LibGfx: Prevent reading OOB in TGA header decode
Diffstat (limited to 'Userland/Libraries')
-rw-r--r--Userland/Libraries/LibGfx/TGALoader.cpp9
1 files changed, 4 insertions, 5 deletions
diff --git a/Userland/Libraries/LibGfx/TGALoader.cpp b/Userland/Libraries/LibGfx/TGALoader.cpp
index 71cea324a6..4f253fb9d3 100644
--- a/Userland/Libraries/LibGfx/TGALoader.cpp
+++ b/Userland/Libraries/LibGfx/TGALoader.cpp
@@ -151,8 +151,6 @@ private:
struct TGALoadingContext {
TGAHeader header;
- ReadonlyBytes bytes;
- size_t file_size;
OwnPtr<TGAReader> reader = { nullptr };
RefPtr<Gfx::Bitmap> bitmap;
};
@@ -160,9 +158,7 @@ struct TGALoadingContext {
TGAImageDecoderPlugin::TGAImageDecoderPlugin(u8 const* file_data, size_t file_size)
{
m_context = make<TGALoadingContext>();
- m_context->bytes = ReadonlyBytes(file_data, file_size);
- m_context->file_size = move(file_size);
- m_context->reader = make<TGAReader>(m_context->bytes);
+ m_context->reader = make<TGAReader>(ReadonlyBytes { file_data, file_size });
}
TGAImageDecoderPlugin::~TGAImageDecoderPlugin() = default;
@@ -188,6 +184,9 @@ bool TGAImageDecoderPlugin::set_nonvolatile(bool& was_purged)
bool TGAImageDecoderPlugin::decode_tga_header()
{
auto& reader = m_context->reader;
+ if (reader->data().size() < sizeof(TGAHeader))
+ return false;
+
m_context->header = TGAHeader();
m_context->header.id_length = reader->read_u8();
m_context->header.color_map_type = reader->read_u8();
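Review bot: The guard added at the top of decode_tga_header() compares the size of the whole buffer, `reader->data().size()`, with `sizeof(TGAHeader)`, so it protects the field reads below only if the reader is still at offset 0 when this function runs and if `sizeof(TGAHeader)` is at least the 18-byte on-disk header. Neither the reader's position handling nor the struct's packing is visible in this hunk. If the struct is meant to mirror the file layout, a `static_assert(sizeof(TGAHeader) == 18);` next to its definition would pin that assumption. The guard also says nothing about data that follows the fixed header (image ID, color map, pixel data), so I would add a comment above it such as `// Covers only the fixed-size header; every read past it needs its own bounds check.` The function body continues past the end of the hunk, so whether those later reads are checked cannot be confirmed from here.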