Changeset - r26713:6cb3f41e70c5
Parent rev.
Child rev.
[Not reviewed]
master
0 1 0
Rubidium - 20 months ago 2023-01-03 17:50:33
rubidium@openttd.org
Fix: do not allow more palette colours than there are indices for the colours

Or: do not pass unchecked size from BMP file into memory allocation
1 file changed with 6 insertions and 1 deletions:
src/bmp.cpp
6
1
0 comments (0 inline, 0 general)
src/bmp.cpp
Show inline comments
 
@@ -367,7 +367,12 @@ bool BmpReadHeader(BmpBuffer *buffer, Bm
 
			info->palette_size = ReadDword(buffer); // number of colours in palette
 
			SkipBytes(buffer, header_size - 16);    // skip the end of info header
 
		}
 
		if (info->palette_size == 0) info->palette_size = 1 << info->bpp;
 

			




	
	
	
		
 
		uint maximum_palette_size = 1U << info->bpp;

			




	
	
	
		
 
		if (info->palette_size == 0) info->palette_size = maximum_palette_size;

			




	
	
	
		
 

			




	
	
	
		
 
		/* More palette colours than palette indices is not supported. */

			




	
	
	
		
 
		if (info->palette_size > maximum_palette_size) return false;

			




	
	
	
		
 

			




	
	
	
		
 
		data->palette = CallocT<Colour>(info->palette_size);

			




	
	
	
		
 

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        Server instance: code.theleruby.com-48
    
    
        This site is powered by
            Kallithea,
        which is
        © 2010–2022 by various authors & licensed under GPLv3.
            – Support