Sākums Izpētīt Palīdzība
Pierakstīties
c
/
stb
spogulis no https://github.com/nothings/stb.git
2
0
Atdalīts 0
Faili Problēmas 0 Vikivietne
Pārlūkot izejas kodu

stb_image PNG: Checks for invalid DEFLATE codes.

Specifically, this rejects length codes 286 and 287, and distance codes 30 and 31.
This avoids a scenario in which a file could contain a table in which
0 corresponded to length code 287, which would result in writing 0 bits.

Signed-off-by: Neil Bickford <[email protected]>
Neil Bickford 3 gadi atpakaļ
vecāks
8b5f1f37b5
revīzija
9f22cc9008
1 mainītis faili ar 2 papildinājumiem un 1 dzēšanām
Dalītais skats Rādīt salīdzināšanas statistiku
  1. 2 1
      stb_image.h

+ 2 - 1
stb_image.h
Parādīt failu 

@@ -4256,11 +4256,12 @@ static int stbi__parse_huffman_block(stbi__zbuf *a)
 
             a->zout = zout;
 
             return 1;
 
          }
 
+         if (z >= 286) return stbi__err("bad huffman code","Corrupt PNG"); // per DEFLATE, length codes 286 and 287 must not appear in compressed data
 
          z -= 257;
 
          len = stbi__zlength_base[z];
 
          if (stbi__zlength_extra[z]) len += stbi__zreceive(a, stbi__zlength_extra[z]);
 
          z = stbi__zhuffman_decode(a, &a->z_distance);
 
-         if (z < 0) return stbi__err("bad huffman code","Corrupt PNG");
 
+         if (z < 0 || z >= 30) return stbi__err("bad huffman code","Corrupt PNG"); // per DEFLATE, distance codes 30 and 31 must not appear in compressed data
 
          dist = stbi__zdist_base[z];
 
          if (stbi__zdist_extra[z]) dist += stbi__zreceive(a, stbi__zdist_extra[z]);
 
          if (zout - a->zout_start < dist) return stbi__err("bad dist","Corrupt PNG");