Skip to content

O
opencv
Commit 8a76fada authored by Alexander Alekhin's avatar Alexander Alekhin
Browse files
Options

imgcodecs: add overflow checks

parent be524792
Show whitespace changes
Inline Side-by-side
Showing with 8 additions and 1 deletion
modules/imgcodecs/src/bitstrm.cpp
View file @ 8a76fada
...@@ -42,6 +42,7 @@ ...@@ -42,6 +42,7 @@
#include "precomp.hpp" #include "precomp.hpp"
#include "bitstrm.hpp" #include "bitstrm.hpp"
#include "utils.hpp"
namespace cv namespace cv
{ {
...@@ -183,13 +184,18 @@ void RBaseStream::setPos( int pos ) ...@@ -183,13 +184,18 @@ void RBaseStream::setPos( int pos )
int RBaseStream::getPos() int RBaseStream::getPos()
{ {
CV_Assert(isOpened()); CV_Assert(isOpened());
return m_block_pos + (int)(m_current - m_start); int pos = validateToInt((m_current - m_start) + m_block_pos);
CV_Assert(pos >= m_block_pos); // overflow check
CV_Assert(pos >= 0); // overflow check
return pos;
} }
void RBaseStream::skip( int bytes ) void RBaseStream::skip( int bytes )
{ {
CV_Assert(bytes >= 0); CV_Assert(bytes >= 0);
uchar* old = m_current;
m_current += bytes; m_current += bytes;
CV_Assert(m_current >= old); // overflow check
} }
///////////////////////// RLByteStream //////////////////////////// ///////////////////////// RLByteStream ////////////////////////////
......
modules/imgcodecs/src/grfmt_bmp.cpp
View file @ 8a76fada
...@@ -95,6 +95,7 @@ bool BmpDecoder::readHeader() ...@@ -95,6 +95,7 @@ bool BmpDecoder::readHeader()
m_offset = m_strm.getDWord(); m_offset = m_strm.getDWord();
int size = m_strm.getDWord(); int size = m_strm.getDWord();
CV_Assert(size > 0); // overflow, 2Gb limit
if( size >= 36 ) if( size >= 36 )
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment