diff options
| author | gman@google.com <gman@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-27 04:06:46 +0000 |
|---|---|---|
| committer | gman@google.com <gman@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-27 04:06:46 +0000 |
| commit | 938d42942fd8370fbcd81c272485b81142568ed2 (patch) | |
| tree | 96bee64a3aeeb7c9c98a1944b59c746affe38b13 /o3d | |
| parent | 22f5aaa21ecb93bef8b0171b50137e5bc1c838bd (diff) | |
| download | chromium_src-938d42942fd8370fbcd81c272485b81142568ed2.zip chromium_src-938d42942fd8370fbcd81c272485b81142568ed2.tar.gz chromium_src-938d42942fd8370fbcd81c272485b81142568ed2.tar.bz2 | |
Security fix for DDS files.
This CL make it check that the mip_count in the file is
a reasonable size.
Review URL: http://codereview.chromium.org/174583
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@24587 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'o3d')
| -rw-r--r-- | o3d/core/cross/bitmap_dds.cc | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/o3d/core/cross/bitmap_dds.cc b/o3d/core/cross/bitmap_dds.cc index 0b78cf8..9b47c30 100644 --- a/o3d/core/cross/bitmap_dds.cc +++ b/o3d/core/cross/bitmap_dds.cc @@ -330,6 +330,15 @@ bool Bitmap::LoadFromDDSStream(ServiceLocator* service_locator, << ", " << dds_height << ")."; return false; } + + if (mip_count > image::ComputeMipMapCount(dds_width, dds_height)) { + DLOG(ERROR) << "Failed to load " << filename + << ": mip count " << mip_count + << "is inconsistent with image dimensions (" + << dds_width<< ", " << dds_height << ")."; + return false; + } + // Check for cube maps bool is_cubemap = (dd_surface_descriptor.ddsCaps.dwCaps2 & DDSCAPS2_CUBEMAP) != 0; |