bmp: Ensure that bf_offset + bf_size <= file size

2025-01-21 03:52:04 +03:00 · 2021-09-25 02:02:21 +02:00 · 2021-09-25 02:02:21 +02:00 · b7176d5cfa
commit b7176d5cfa
parent 5374e4e1f2
1 changed files with 9 additions and 1 deletions
--- a/stage23/lib/bmp.c
+++ b/stage23/lib/bmp.c
@ -40,7 +40,15 @@ int bmp_open_image(struct image *image, struct file_handle *file) {
        return -1;

    image->img = ext_mem_alloc(header.bf_size);
-    fread(file, image->img, header.bf_offset, header.bf_size);
+
+    uint32_t bf_size;
+    if (header.bf_offset + header.bf_size > file->size) {
+        bf_size = file->size - header.bf_offset;
+    } else {
+        bf_size = header.bf_size;
+    }
+
+    fread(file, image->img, header.bf_offset, bf_size);

    image->x_size     = header.bi_width;
    image->y_size     = header.bi_height;