edg-l/ddnet
1
0
Fork 0
mirror of https://github.com/ddnet/ddnet.git synced 2024-09-19 17:14:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix undefined behavior on loading empty PNG files

Browse source 
When empty PNG files are loaded, the `std::vector` for the file contents is resized to size 0, which results in undefined behavior when it is accessed with `front`.

When `io_tell` fails, i.e. returns `-1`, this was incorrectly cast to an `unsigned` and therefore caused a very large allocation and potentially crashes due to lack of memory.
This commit is contained in:
Robert Müller 2024-02-03 19:11:16 +01:00
parent 7d0e9e86c1
commit a8f3b56850
5 changed files with 34 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/engine/client/graphics_threaded.cpp
View file

@ -584,7 +584,13 @@ bool CGraphics_Threaded::LoadPNG(CImageInfo *pImg, const char *pFilename, int St
if(File)
{
io_seek(File, 0, IOSEEK_END);
unsigned int FileSize = io_tell(File);
long int FileSize = io_tell(File);
if(FileSize <= 0)
{
io_close(File);
log_error("game/png", "failed to get file size (%ld). filename='%s'", FileSize, pFilename);
return false;
}
io_seek(File, 0, IOSEEK_START);
TImageByteBuffer ByteBuffer;

8
src/tools/dilate.cpp
View file

@ -12,7 +12,13 @@ int DilateFile(const char *pFilename)
if(File)
{
io_seek(File, 0, IOSEEK_END);
unsigned int FileSize = io_tell(File);
long int FileSize = io_tell(File);
if(FileSize <= 0)
{
io_close(File);
dbg_msg("dilate", "failed to get file size (%ld). filename='%s'", FileSize, pFilename);
return false;
}
io_seek(File, 0, IOSEEK_START);
TImageByteBuffer ByteBuffer;
SImageByteBuffer ImageByteBuffer(&ByteBuffer);

8
src/tools/map_convert_07.cpp
View file

@ -31,7 +31,13 @@ int LoadPNG(CImageInfo *pImg, const char *pFilename)
if(File)
{
io_seek(File, 0, IOSEEK_END);
unsigned int FileSize = io_tell(File);
long int FileSize = io_tell(File);
if(FileSize <= 0)
{
io_close(File);
dbg_msg("map_convert_07", "failed to get file size (%ld). filename='%s'", FileSize, pFilename);
return false;
}
io_seek(File, 0, IOSEEK_START);
TImageByteBuffer ByteBuffer;
SImageByteBuffer ImageByteBuffer(&ByteBuffer);

8
src/tools/map_create_pixelart.cpp
View file

@ -319,7 +319,13 @@ bool LoadPNG(CImageInfo *pImg, const char *pFilename)
}
io_seek(File, 0, IOSEEK_END);
unsigned int FileSize = io_tell(File);
long int FileSize = io_tell(File);
if(FileSize <= 0)
{
io_close(File);
dbg_msg("map_create_pixelart", "ERROR: Failed to get file size (%ld). filename='%s'", FileSize, pFilename);
return false;
}
io_seek(File, 0, IOSEEK_START);
TImageByteBuffer ByteBuffer;
SImageByteBuffer ImageByteBuffer(&ByteBuffer);

7
src/tools/map_replace_image.cpp
View file

@ -29,7 +29,12 @@ bool LoadPNG(CImageInfo *pImg, const char *pFilename)
if(File)
{
io_seek(File, 0, IOSEEK_END);
unsigned int FileSize = io_tell(File);
long int FileSize = io_tell(File);
if(FileSize <= 0)
{
io_close(File);
return false;
}
io_seek(File, 0, IOSEEK_START);
TImageByteBuffer ByteBuffer;
SImageByteBuffer ImageByteBuffer(&ByteBuffer);