dave/openttd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(svn r22873) -Fix [FS#4747]: Validate image dimensions before loading. (Based on patch by monoid)

Browse Source
This commit is contained in:
michi_cc
2011-09-02 20:16:34 +00:00
parent 655d45e7d3
commit 6c7cbb1d46
3 changed files with 35 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/spriteloader/png.cpp
View File

@@ -108,7 +108,17 @@ static bool LoadPNG(SpriteLoader::Sprite *sprite, const char *filename, uint32 i
sprite->height = png_get_image_height(png_ptr, info_ptr);
sprite->width = png_get_image_width(png_ptr, info_ptr);
/* Check if sprite dimensions aren't larger than what is allowed in GRF-files. */
if (sprite->height > UINT8_MAX || sprite->width > UINT16_MAX) {
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return false;
}
sprite->AllocateData(sprite->width * sprite->height);
} else if (sprite->height != png_get_image_height(png_ptr, info_ptr) || sprite->width != png_get_image_width(png_ptr, info_ptr)) {
/* Make sure the mask image isn't larger than the sprite image. */
DEBUG(misc, 0, "Ignoring mask for SpriteID %d as it isn't the same dimension as the masked sprite", id);
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return true;
}
bit_depth = png_get_bit_depth(png_ptr, info_ptr);
@@ -116,6 +126,7 @@ static bool LoadPNG(SpriteLoader::Sprite *sprite, const char *filename, uint32 i
if (mask && (bit_depth != 8 || colour_type != PNG_COLOR_TYPE_PALETTE)) {
DEBUG(misc, 0, "Ignoring mask for SpriteID %d as it isn't a 8 bit palette image", id);
png_destroy_read_struct(&png_ptr, &info_ptr, &end_info);
return true;
}