summaryrefslogtreecommitdiff
path: root/modules/tga/image_loader_tga.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'modules/tga/image_loader_tga.cpp')
-rw-r--r--modules/tga/image_loader_tga.cpp28
1 files changed, 17 insertions, 11 deletions
diff --git a/modules/tga/image_loader_tga.cpp b/modules/tga/image_loader_tga.cpp
index ef53661557..f0d7c335bd 100644
--- a/modules/tga/image_loader_tga.cpp
+++ b/modules/tga/image_loader_tga.cpp
@@ -35,7 +35,7 @@
#include "core/os/os.h"
#include "core/string/print_string.h"
-Error ImageLoaderTGA::decode_tga_rle(const uint8_t *p_compressed_buffer, size_t p_pixel_size, uint8_t *p_uncompressed_buffer, size_t p_output_size) {
+Error ImageLoaderTGA::decode_tga_rle(const uint8_t *p_compressed_buffer, size_t p_pixel_size, uint8_t *p_uncompressed_buffer, size_t p_output_size, size_t p_input_size) {
Error error;
Vector<uint8_t> pixels;
@@ -56,11 +56,14 @@ Error ImageLoaderTGA::decode_tga_rle(const uint8_t *p_compressed_buffer, size_t
compressed_pos += 1;
count = (c & 0x7f) + 1;
- if (output_pos + count * p_pixel_size > output_pos) {
+ if (output_pos + count * p_pixel_size > p_output_size) {
return ERR_PARSE_ERROR;
}
if (c & 0x80) {
+ if (compressed_pos + p_pixel_size > p_input_size) {
+ return ERR_PARSE_ERROR;
+ }
for (size_t i = 0; i < p_pixel_size; i++) {
pixels_w[i] = p_compressed_buffer[compressed_pos];
compressed_pos += 1;
@@ -72,6 +75,9 @@ Error ImageLoaderTGA::decode_tga_rle(const uint8_t *p_compressed_buffer, size_t
output_pos += p_pixel_size;
}
} else {
+ if (compressed_pos + count * p_pixel_size > p_input_size) {
+ return ERR_PARSE_ERROR;
+ }
count *= p_pixel_size;
for (size_t i = 0; i < count; i++) {
p_uncompressed_buffer[output_pos] = p_compressed_buffer[compressed_pos];
@@ -83,7 +89,7 @@ Error ImageLoaderTGA::decode_tga_rle(const uint8_t *p_compressed_buffer, size_t
return OK;
}
-Error ImageLoaderTGA::convert_to_image(Ref<Image> p_image, const uint8_t *p_buffer, const tga_header_s &p_header, const uint8_t *p_palette, const bool p_is_monochrome, size_t p_output_size) {
+Error ImageLoaderTGA::convert_to_image(Ref<Image> p_image, const uint8_t *p_buffer, const tga_header_s &p_header, const uint8_t *p_palette, const bool p_is_monochrome, size_t p_input_size) {
#define TGA_PUT_PIXEL(r, g, b, a) \
int image_data_ofs = ((y * width) + x); \
image_data_w[image_data_ofs * 4 + 0] = r; \
@@ -134,7 +140,7 @@ Error ImageLoaderTGA::convert_to_image(Ref<Image> p_image, const uint8_t *p_buff
if (p_is_monochrome) {
while (y != y_end) {
while (x != x_end) {
- if (i > p_output_size) {
+ if (i >= p_input_size) {
return ERR_PARSE_ERROR;
}
uint8_t shade = p_buffer[i];
@@ -150,7 +156,7 @@ Error ImageLoaderTGA::convert_to_image(Ref<Image> p_image, const uint8_t *p_buff
} else {
while (y != y_end) {
while (x != x_end) {
- if (i > p_output_size) {
+ if (i >= p_input_size) {
return ERR_PARSE_ERROR;
}
uint8_t index = p_buffer[i];
@@ -181,7 +187,7 @@ Error ImageLoaderTGA::convert_to_image(Ref<Image> p_image, const uint8_t *p_buff
} else if (p_header.pixel_depth == 24) {
while (y != y_end) {
while (x != x_end) {
- if (i + 2 > p_output_size) {
+ if (i + 2 >= p_input_size) {
return ERR_PARSE_ERROR;
}
@@ -200,7 +206,7 @@ Error ImageLoaderTGA::convert_to_image(Ref<Image> p_image, const uint8_t *p_buff
} else if (p_header.pixel_depth == 32) {
while (y != y_end) {
while (x != x_end) {
- if (i + 3 > p_output_size) {
+ if (i + 3 >= p_input_size) {
return ERR_PARSE_ERROR;
}
@@ -226,9 +232,9 @@ Error ImageLoaderTGA::convert_to_image(Ref<Image> p_image, const uint8_t *p_buff
Error ImageLoaderTGA::load_image(Ref<Image> p_image, FileAccess *f, bool p_force_linear, float p_scale) {
Vector<uint8_t> src_image;
- int src_image_len = f->get_len();
+ uint64_t src_image_len = f->get_length();
ERR_FAIL_COND_V(src_image_len == 0, ERR_FILE_CORRUPT);
- ERR_FAIL_COND_V(src_image_len < (int)sizeof(tga_header_s), ERR_FILE_CORRUPT);
+ ERR_FAIL_COND_V(src_image_len < (int64_t)sizeof(tga_header_s), ERR_FILE_CORRUPT);
src_image.resize(src_image_len);
Error err = OK;
@@ -307,7 +313,7 @@ Error ImageLoaderTGA::load_image(Ref<Image> p_image, FileAccess *f, bool p_force
const uint8_t *buffer = nullptr;
if (is_encoded) {
- err = decode_tga_rle(src_image_r, pixel_size, uncompressed_buffer_w, buffer_size);
+ err = decode_tga_rle(src_image_r, pixel_size, uncompressed_buffer_w, buffer_size, src_image_len);
if (err == OK) {
uncompressed_buffer_r = uncompressed_buffer.ptr();
@@ -337,7 +343,7 @@ static Ref<Image> _tga_mem_loader_func(const uint8_t *p_tga, int p_size) {
Error open_memfile_error = memfile.open_custom(p_tga, p_size);
ERR_FAIL_COND_V_MSG(open_memfile_error, Ref<Image>(), "Could not create memfile for TGA image buffer.");
Ref<Image> img;
- img.instance();
+ img.instantiate();
Error load_error = ImageLoaderTGA().load_image(img, &memfile, false, 1.0f);
ERR_FAIL_COND_V_MSG(load_error, Ref<Image>(), "Failed to load TGA image.");
return img;
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-16 05:25:59 +0000