PNM header decoder: add some basic numerical validation

see spec: http://netpbm.sourceforge.net/doc/ppm.html

Change-Id: I55e01f8cec79f9124e72d5f3d05be4ad0deae315
Pascal Massimino 2017-02-01 15:03:11 +01:00
parent 17c7890cba
commit 1e7ad88b85


@ -63,6 +63,12 @@ static size_t ReadHeader(const uint8_t* const data, size_t data_size,
if (off == 0 || sscanf(out, "%d %d", width, height) != 2) return 0; if (off == 0 || sscanf(out, "%d %d", width, height) != 2) return 0;
off = ReadLine(data, off, data_size, out, &out_size); off = ReadLine(data, off, data_size, out, &out_size);
if (off == 0 || sscanf(out, "%d", max_value) != 1) return 0; if (off == 0 || sscanf(out, "%d", max_value) != 1) return 0;
// perform some basic numerical validation
if (*width <= 0 || *height <= 0 ||
*type <= 0 || *type >= 9 ||
*max_value <= 0 || *max_value >= 65536) {
return 0;
}
return off; return off;
} }
@ -86,8 +92,7 @@ int ReadPNM(const uint8_t* const data, size_t data_size,
// Some basic validations. // Some basic validations.
if (pic == NULL) goto End; if (pic == NULL) goto End;
if (width <= 0 || height <= 0 || if (width > WEBP_MAX_DIMENSION || height > WEBP_MAX_DIMENSION) {
width > WEBP_MAX_DIMENSION || height > WEBP_MAX_DIMENSION) {
fprintf(stderr, "Invalid %dx%d dimension for PNM\n", width, height); fprintf(stderr, "Invalid %dx%d dimension for PNM\n", width, height);
goto End; goto End;
} }
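Review bot: The second hunk drops `width <= 0 || height <= 0` from ReadPNM, so the lower bound on dimensions parsed from untrusted input is now enforced only in ReadHeader while the upper bound stays here, and nothing at this site records that dependency. Either keep the cheap check as defense in depth, or add a comment above the `WEBP_MAX_DIMENSION` test such as `// width, height > 0 are already enforced by ReadHeader()`, so a later change to ReadHeader cannot silently let non-positive sizes reach whatever size arithmetic follows (not visible here). In the first hunk, `*type >= 9` still admits P8, which as far as I know is not a netpbm magic number (P1 to P7); `*type > 7` would match the format family if that is the intent. A header with non-positive dimensions is now rejected by ReadHeader's plain `return 0` rather than by the `Invalid %dx%d dimension` message, which may matter when triaging malformed files. Both function bodies extend beyond the visible hunks.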