1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
From: Roland Clobus <rclobus@rclobus.nl>
Date: Sat, 5 Apr 2025 10:14:52 +0200
Subject: Fix buffer overflow in isotovideo
When the ZRLE compressed image has a larger resolution than the current
image, resize the image to prevent a buffer overflow.
Fixes https://github.com/os-autoinst/os-autoinst/issues/2679
---
ppmclibs/tinycv_impl.cc | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ppmclibs/tinycv_impl.cc b/ppmclibs/tinycv_impl.cc
index cb6c258..68b414e 100644
--- a/ppmclibs/tinycv_impl.cc
+++ b/ppmclibs/tinycv_impl.cc
@@ -806,6 +806,12 @@ long image_map_raw_data_zrle(Image* a, long x, long y, long w, long h,
size_t offset = 0;
int orig_w = w;
int orig_x = x;
+ long max_x = max(x + w, image_xres(a));
+ long max_y = max(y + h, image_yres(a));
+ if ((image_xres(a) < max_x) || (image_yres(a) < max_y)) {
+ /* If the current image is too small, create a new, bigger one */
+ a->img = Mat::zeros(max_y, max_x, a->img.type());
+ }
while (h > 0) {
w = orig_w;
x = orig_x;
|
