diff options
| author | Matthias Melcher <github@matthiasm.com> | 2022-12-17 16:01:35 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-12-17 16:01:35 +0100 |
| commit | 12da87ba0c11a7b46d6cdc5716f0b30523898429 (patch) | |
| tree | 3403a5954fdc7641bcb3387f5b1cf78e85bb08cc /src/Fl_Image.cxx | |
| parent | 08f6741d7b0115787309c9ee4800ecbe317c3c07 (diff) | |
Adding length checks for in-memory image data (see #542) (#592)
SVG is now decompressed in memory
Bitmap invalid array length handling to return an error
RGB Image data reader to return error if image data is too short
FLUID: Add size argument to bitmap and JPEG data
Diffstat (limited to 'src/Fl_Image.cxx')
| -rw-r--r-- | src/Fl_Image.cxx | 52 |
1 files changed, 47 insertions, 5 deletions
diff --git a/src/Fl_Image.cxx b/src/Fl_Image.cxx index a4dd6d921..5845bc101 100644 --- a/src/Fl_Image.cxx +++ b/src/Fl_Image.cxx @@ -22,6 +22,8 @@ #include <FL/Fl_Image.H> #include "flstring.h" +#include <stdlib.h> + void fl_restore_clip(); // from fl_rect.cxx // @@ -187,11 +189,12 @@ void Fl_Image::label(Fl_Menu_Item* m) { box.image(jpg); \endcode - \returns Image load failure if non-zero - \retval 0 the image was loaded successfully - \retval ERR_NO_IMAGE no image was found - \retval ERR_FILE_ACCESS there was a file access related error (errno should be set) - \retval ERR_FORMAT image decoding failed + \returns Image load failure if non-zero + \retval 0 the image was loaded successfully + \retval ERR_NO_IMAGE no image was found + \retval ERR_FILE_ACCESS there was a file access related error (errno should be set) + \retval ERR_FORMAT image decoding failed + \retval ERR_MEMORY_ACCESS image decoder tried to access memory outside of given memory block */ int Fl_Image::fail() const { // if no image exists, ld_ may contain a simple error code @@ -378,6 +381,45 @@ Fl_RGB_Image::Fl_RGB_Image(const uchar *bits, int W, int H, int D, int LD) : /** + The constructor creates a new image from the specified data. + + If the provided array is too small to contain all the image data, the + constructor will not generate the image to avoid illegal memory read + access and instead set \c data to NULL and \c ld to \c ERR_MEMORY_ACCESS. + + \param bits image data + \param bit_length length of the \p bits array in bytes + \param W image width in pixels + \param H image height in pixels + \param D image depth in bytes, 1 for gray scale, 2 for gray with alpha, + 3 for RGB, and 4 for RGB plus alpha + \param LD line length in bytes, or 0 to use W*D. + + \see Fl_RGB_Image(const uchar *bits, int W, int H, int D, int LD) + */ +Fl_RGB_Image::Fl_RGB_Image(const uchar *bits, int bits_length, int W, int H, int D, int LD) : + Fl_Image(W,H,D), + array(bits), + alloc_array(0), + id_(0), + mask_(0), + cache_w_(0), cache_h_(0) +{ + if (D == 0) D = 3; + if (LD == 0) LD = W*D; + int min_length = LD*(H-1) + W*D; + if (bits_length >= min_length) { + data((const char **)&array, 1); + ld(LD); + } else { + array = NULL; + data(NULL, 0); + ld(ERR_MEMORY_ACCESS); + } +} + + +/** The constructor creates a new RGBA image from the specified Fl_Pixmap. The RGBA image is built fully opaque except for the transparent area |