changeset 1204:ca1015d98f7a

check for suspicious image size requests in FltkImgbuf::getScaledBuf(). In addition to the test in html.cc we need to check here for excessive image sizes because * images can be scaled preserving their original aspect ratio by just specifying one dimension * image sizes can be specified via CSS.
author Johannes Hofmann <Johannes.Hofmann@gmx.de>
date Mon, 29 Jun 2009 20:27:13 +0200
parents 35b44dd22e08
children 481a979a9d1f
files dw/fltkimgbuf.cc
diffstat 1 files changed, 14 insertions(+), 0 deletions(-) [+]
--- a/dw/fltkimgbuf.cc	Mon Jun 29 19:36:34 2009 +0200
+++ b/dw/fltkimgbuf.cc	Mon Jun 29 20:27:13 2009 +0200
@@ -26,6 +26,8 @@
 #include <fltk/draw.h>
 #include <fltk/Color.h>
 
+#define IMAGE_MAX_AREA (6000 * 6000)
+
 using namespace fltk;
 
 namespace dw {
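Review bot: `IMAGE_MAX_AREA` is introduced as an undocumented file-local macro, although the commit description says a related size test already exists in html.cc. If that test uses its own copy of the bound (not visible here), the two limits can drift apart, and one path may then accept sizes the other rejects. Consider moving the limit to a shared header. At minimum, add a comment such as `/* Max width*height in pixels for a scaled buffer; keep in sync with the size test in html.cc. */`.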
@@ -185,6 +187,18 @@
       }
    }
 
+   /* Check for excessive image sizes which would cause crashes due to
+    * too big allocations for the image buffer.
+    * In this case we return a pointer to the unscaled image buffer.
+    */
+   if (width <= 0 || height <= 0 ||
+       width > IMAGE_MAX_AREA / height) {
+      MSG("FltkImgbuf::getScaledBuf: suspicious image size request %dx%d\n",
+           width, height);
+      ref ();
+      return this;
+   }
+
    /* This size is not yet used, so a new buffer has to be created. */
    FltkImgbuf *sb = new FltkImgbuf (type, width, height, this);
    scaledBuffers->append (sb);
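Review bot: The rejection path at `return this;` hands back a buffer whose dimensions differ from the requested `width`x`height`, and nothing tells the caller that the request was refused. If a caller keeps using the requested size when copying rows or drawing (callers are not visible here), it would index outside the unscaled buffer. The comment should state the contract, e.g. `* The returned buffer keeps its own dimensions; callers must use those, not the requested size.` The guard is otherwise well ordered: `height <= 0` is tested before the division, and dividing rather than multiplying keeps the area test free of integer overflow. The bound covers pixel count only, so it is worth confirming that the per-pixel factor implied by `type` cannot push the allocation in the constructor below past what the limit intends. getScaledBuf's body starts and ends outside the hunk.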