static int write_24bit_data(io_glue *ig, i_img *im);
static int read_bmp_pal(io_glue *ig, i_img *im, int count);
static i_img *read_1bit_bmp(io_glue *ig, int xsize, int ysize, int clr_used,
- int compression, long offbits, int allow_partial);
+ int compression, long offbits, int allow_incomplete);
static i_img *read_4bit_bmp(io_glue *ig, int xsize, int ysize, int clr_used,
- int compression, long offbits, int allow_partial);
+ int compression, long offbits, int allow_incomplete);
static i_img *read_8bit_bmp(io_glue *ig, int xsize, int ysize, int clr_used,
- int compression, long offbits, int allow_partial);
+ int compression, long offbits, int allow_incomplete);
static i_img *read_direct_bmp(io_glue *ig, int xsize, int ysize,
int bit_count, int clr_used, int compression,
- long offbits, int allow_partial);
+ long offbits, int allow_incomplete);
/*
=item i_writebmp_wiol(im, io_glue)
*/
i_img *
-i_readbmp_wiol(io_glue *ig, int allow_partial) {
+i_readbmp_wiol(io_glue *ig, int allow_incomplete) {
int b_magic, m_magic, filesize, res1, res2, infohead_size;
int xsize, ysize, planes, bit_count, compression, size_image, xres, yres;
int clr_used, clr_important, offbits;
&xsize, &ysize, &planes,
&bit_count, &compression, &size_image, &xres, &yres,
&clr_used, &clr_important)) {
- i_push_error(0, "file too short");
+ i_push_error(0, "file too short to be a BMP file");
return 0;
}
if (b_magic != 'B' || m_magic != 'M' || infohead_size != INFOHEAD_SIZE
bit_count, compression, size_image, xres, yres, clr_used,
clr_important));
- if (!i_int_check_image_file_limits(xsize, ysize, 3, sizeof(i_sample_t))) {
+ if (!i_int_check_image_file_limits(xsize, abs(ysize), 3, sizeof(i_sample_t))) {
mm_log((1, "i_readbmp_wiol: image size exceeds limits\n"));
return NULL;
}
switch (bit_count) {
case 1:
im = read_1bit_bmp(ig, xsize, ysize, clr_used, compression, offbits,
- allow_partial);
+ allow_incomplete);
break;
case 4:
im = read_4bit_bmp(ig, xsize, ysize, clr_used, compression, offbits,
- allow_partial);
+ allow_incomplete);
break;
case 8:
im = read_8bit_bmp(ig, xsize, ysize, clr_used, compression, offbits,
- allow_partial);
+ allow_incomplete);
break;
case 32:
case 24:
case 16:
im = read_direct_bmp(ig, xsize, ysize, bit_count, clr_used, compression,
- offbits, allow_partial);
+ offbits, allow_incomplete);
break;
default:
*/
static i_img *
read_1bit_bmp(io_glue *ig, int xsize, int ysize, int clr_used,
- int compression, long offbits, int allow_partial) {
+ int compression, long offbits, int allow_incomplete) {
i_img *im;
int x, y, lasty, yinc, start_y;
i_palidx *line, *p;
if (ig->readcb(ig, packed, line_size) != line_size) {
myfree(packed);
myfree(line);
- if (allow_partial) {
+ if (allow_incomplete) {
i_tags_setn(&im->tags, "i_incomplete", 1);
i_tags_setn(&im->tags, "i_lines_read", abs(start_y - y));
return im;
*/
static i_img *
read_4bit_bmp(io_glue *ig, int xsize, int ysize, int clr_used,
- int compression, long offbits, int allow_partial) {
+ int compression, long offbits, int allow_incomplete) {
i_img *im;
int x, y, lasty, yinc;
i_palidx *line, *p;
if (ig->readcb(ig, packed, line_size) != line_size) {
myfree(packed);
myfree(line);
- if (allow_partial) {
+ if (allow_incomplete) {
i_tags_setn(&im->tags, "i_incomplete", 1);
i_tags_setn(&im->tags, "i_lines_read", abs(y - starty));
return im;
if (ig->readcb(ig, packed, 2) != 2) {
myfree(packed);
myfree(line);
- if (allow_partial) {
+ if (allow_incomplete) {
i_tags_setn(&im->tags, "i_incomplete", 1);
i_tags_setn(&im->tags, "i_lines_read", abs(y - starty));
return im;
}
}
else if (packed[0]) {
+ if (x + packed[0] > xsize) {
+ /* this file is corrupt */
+ myfree(packed);
+ myfree(line);
+ i_push_error(0, "invalid data during decompression");
+ i_img_destroy(im);
+ return NULL;
+ }
line[0] = packed[1] >> 4;
line[1] = packed[1] & 0x0F;
for (i = 0; i < packed[0]; i += 2) {
if (ig->readcb(ig, packed, 2) != 2) {
myfree(packed);
myfree(line);
- if (allow_partial) {
+ if (allow_incomplete) {
i_tags_setn(&im->tags, "i_incomplete", 1);
i_tags_setn(&im->tags, "i_lines_read", abs(y - starty));
return im;
default:
count = packed[1];
+ if (x + count > xsize) {
+ /* this file is corrupt */
+ myfree(packed);
+ myfree(line);
+ i_push_error(0, "invalid data during decompression");
+ i_img_destroy(im);
+ return NULL;
+ }
size = (count + 1) / 2;
read_size = (size+1) / 2 * 2;
if (ig->readcb(ig, packed, read_size) != read_size) {
myfree(packed);
myfree(line);
- if (allow_partial) {
+ if (allow_incomplete) {
i_tags_setn(&im->tags, "i_incomplete", 1);
i_tags_setn(&im->tags, "i_lines_read", abs(y - starty));
return im;
}
/*
-=item read_8bit_bmp(ig, xsize, ysize, clr_used, compression, allow_partial)
+=item read_8bit_bmp(ig, xsize, ysize, clr_used, compression, allow_incomplete)
Reads in the palette and image data for a 8-bit/pixel image.
*/
static i_img *
read_8bit_bmp(io_glue *ig, int xsize, int ysize, int clr_used,
- int compression, long offbits, int allow_partial) {
+ int compression, long offbits, int allow_incomplete) {
i_img *im;
int x, y, lasty, yinc, start_y;
i_palidx *line;
while (y != lasty) {
if (ig->readcb(ig, line, line_size) != line_size) {
myfree(line);
- if (allow_partial) {
+ if (allow_incomplete) {
i_tags_setn(&im->tags, "i_incomplete", 1);
i_tags_setn(&im->tags, "i_lines_read", abs(start_y - y));
return im;
/* there's always at least 2 bytes in a sequence */
if (ig->readcb(ig, packed, 2) != 2) {
myfree(line);
- if (allow_partial) {
+ if (allow_incomplete) {
i_tags_setn(&im->tags, "i_incomplete", 1);
i_tags_setn(&im->tags, "i_lines_read", abs(start_y-y));
return im;
}
}
if (packed[0]) {
+ if (x + packed[0] > xsize) {
+ /* this file isn't incomplete, it's corrupt */
+ myfree(line);
+ i_push_error(0, "invalid data during decompression");
+ i_img_destroy(im);
+ return NULL;
+ }
memset(line, packed[1], packed[0]);
i_ppal(im, x, x+packed[0], y, line);
x += packed[0];
case BMPRLE_DELTA:
if (ig->readcb(ig, packed, 2) != 2) {
myfree(line);
- if (allow_partial) {
+ if (allow_incomplete) {
i_tags_setn(&im->tags, "i_incomplete", 1);
i_tags_setn(&im->tags, "i_lines_read", abs(start_y-y));
return im;
default:
count = packed[1];
+ if (x + count > xsize) {
+ /* runs shouldn't cross a line boundary */
+ /* this file isn't incomplete, it's corrupt */
+ myfree(line);
+ i_push_error(0, "invalid data during decompression");
+ i_img_destroy(im);
+ return NULL;
+ }
read_size = (count+1) / 2 * 2;
if (ig->readcb(ig, line, read_size) != read_size) {
myfree(line);
- if (allow_partial) {
+ if (allow_incomplete) {
i_tags_setn(&im->tags, "i_incomplete", 1);
i_tags_setn(&im->tags, "i_lines_read", abs(start_y-y));
return im;
};
/*
-=item read_direct_bmp(ig, xsize, ysize, bit_count, clr_used, compression, allow_partial)
+=item read_direct_bmp(ig, xsize, ysize, bit_count, clr_used, compression, allow_incomplete)
Skips the palette and reads in the image data for a direct colour image.
static i_img *
read_direct_bmp(io_glue *ig, int xsize, int ysize, int bit_count,
int clr_used, int compression, long offbits,
- int allow_partial) {
+ int allow_incomplete) {
i_img *im;
- int x, y, lasty, yinc;
+ int x, y, starty, lasty, yinc;
i_color *line, *p;
int pix_size = bit_count / 8;
int line_size = xsize * pix_size;
extras = line_size - xsize * pix_size;
if (ysize > 0) {
- y = ysize-1;
+ starty = ysize-1;
lasty = -1;
yinc = -1;
}
else {
/* when ysize is -ve it's a top-down image */
ysize = -ysize;
- y = 0;
+ starty = 0;
lasty = ysize;
yinc = 1;
}
+ y = starty;
if (compression == BI_RGB) {
compression_name = "BI_RGB";
masks = std_masks[pix_size-2];
return NULL;
}
+ if (offbits < base_offset) {
+ i_push_errorf(0, "image data offset too small (%ld)", offbits);
+ return NULL;
+ }
+
if (offbits > base_offset) {
/* this will be slow if the offset is large, but that should be
rare */
unsigned pixel;
if (!read_packed(ig, unpack_code, &pixel)) {
myfree(line);
- if (allow_partial) {
+ if (allow_incomplete) {
i_tags_setn(&im->tags, "i_incomplete", 1);
- i_tags_setn(&im->tags, "i_lines_read", lasty - y);
+ i_tags_setn(&im->tags, "i_lines_read", abs(starty - y));
return im;
}
else {
projects / imager.git / blobdiff