Commit Graph

364 Commits

Author SHA1 Message Date
Ryan C. Gordon d60594847e Reject images that are too large (as defined by the application).
The BMP loader already had this hardcoded to (1 << 24) pixels, so this seems
like a good default to apply to all formats, but many apps will want to clamp
this much much lower.

It's possible to craft malicious but valid images that are enormous, causing
stb_image to allocate tons of memory and eat a ton of CPU, so locking these
to a maximum permitted size can save a lot of headaches in the wild.
2020-04-28 13:28:45 -04:00
Ryan C. Gordon 98ca24b8c7 Turn several asserts into formal checks.
There are several places where stb_image protects itself from bad data with
STBI_ASSERT macros, but if these are compiled out in release builds the code
will overflow buffers, etc, without warning. If they are left enabled, the
process will crash from assertion failures.

This patch attempts to leave the assertions in place that are meant to verify
the correctness of the interfaces (if the calling function was meant to pass
only 8 or 16 for bit depth, it's reasonable to assert that is accurate), but
changes asserts that are triggered by corrupt or malicious image file data.

Failed asserts were the majority of crashes during fuzzing; now all of these
cases safely report an error back to the calling app.
2020-04-28 13:28:45 -04:00
Ryan C. Gordon 95560bc6cf Be more aggressive about unexpected EOF conditions.
Fixes several hangs in the presence of bad input data.
2020-04-28 13:28:45 -04:00
Ryan C. Gordon eb4b057f0d Check a return value for errors.
Catches bad input data found during fuzzing.
2020-04-28 13:28:45 -04:00
Ryan C. Gordon b5d2296d5d Check for some obviously bad inputs from corrupt/malicious data.
These all caused crashes during fuzzing.
2020-04-28 13:28:45 -04:00
Ryan C. Gordon 385b5d3cda stbi__stdio_eof() should check ferror(), too.
Otherwise with filesystem errors, you might end up with a short read but
believe there's still more to read from the file, causing infinite loops.
2020-04-28 13:25:57 -04:00
Ryan C. Gordon 00f3f01be3 fseek() resets the EOF flag, even if seeking past the end of a read-only file.
This causes problems when stb_image tries to do this with stdio callbacks with
a maliciously crafted file (or just an unfortunately corrupt one)...

    // calls fread(), sets EOF flag, sets s->read_from_callbacks = 0
    stbi__refill_buffer(s);

    // calls fseek(), which resets the stream's EOF flag
    stbi__skip(some value we just read)

    // calls feof(), which always returns false because EOF flag was reset.
    while (!stbi__at_eof(s)) {
        // never calls fread() because s->read_from_callbacks==0
        stbi__refill_buffer(s);
        // loop forever
    }

To work around this, after seeking, we call fgetc(), which will set the EOF
flag as appropriate, and if not at EOF, we ungetc the byte so future reads
are correct. This fixes the infinite loop.
2020-04-28 13:25:57 -04:00
Sean Barrett 0224a44a10 stb_image: fix new warnings 2020-02-02 20:30:25 -08:00
Sean Barrett 2bb4a0accd Fix trailing whitespace 2020-02-02 11:30:27 -08:00
Sean Barrett 5e4a0617b7 udpate version numbers 2020-02-02 11:12:13 -08:00
Sean Barrett 1ced9faea1 Merge branch 'unused-function-warnings' of https://github.com/BradleyMarie/stb into work2 2020-02-02 10:11:43 -08:00
Sean Barrett 1586318a00 Merge branch 'master' of https://github.com/Try/stb into work2 2020-02-02 09:53:28 -08:00
Sean Barrett 6877b1afd3 Merge branch 'fix_issue_746' of https://github.com/BlackMATov/stb into work2 2020-02-02 08:52:48 -08:00
Sean Barrett 81d1537579 Merge branch 'fix_issue_745' of https://github.com/BlackMATov/stb into work2 2020-02-02 08:21:46 -08:00
Sean Barrett 28cc61a1ff stb_image: fix previous fix 2020-02-02 08:16:58 -08:00
Sean Barrett f9ec936e7e Merge branch 'patch-1' of https://github.com/GMacharadze/stb into work2 2020-02-02 08:14:23 -08:00
Sean Barrett ecf2a56f6d Merge branch 'patch-1' of https://github.com/StylishTriangles/stb into work2 2020-02-02 08:03:06 -08:00
Sean Barrett eb48fbdced stb_image: use thread-locals for vertically_flip flag and g_failure_reason 2020-02-02 07:06:05 -08:00
Brad Weinberger e2b8524aa2 Fix clang unused function compile warnings 2020-02-01 11:41:47 -08:00
Sean Barrett c440a53d06 stb_image: fix reading BMP with explicit masks 2020-02-01 04:19:28 -08:00
Try 4148eb4d90 stb_image: fix CRC reading at the end of IEND chunk in png file 2019-11-18 19:25:38 +01:00
BlackMATov 01b2d76baf stb_image.h: fix warning about unused function 'stbi__err'
Fixes issue #746.
2019-08-22 10:28:16 +07:00
Sean Barrett 787f1d646a Update version numbers 2019-08-11 05:38:37 -07:00
Sean Barrett 5072185467 stb_image: fix static analyzer warnings 2019-08-11 05:19:33 -07:00
Sean Barrett 26a02f81ca stb_image: fix bug where bmp claimed to be 24-bit but also claimed to have an alpha bitfield 2019-08-11 04:54:52 -07:00
BlackMATov 4a4c9deaac stb_image: fix warning (unused parameter ‘bpc’)
Fixes issue #745.
2019-05-15 14:12:52 +07:00
Georgy Macharadze 4e0c494515 stb_image: fixed 'out' nulled but not freed upon failure
If realloc fails it returns NULL and out pointer becomes invalid. To
fix this it is necessary to store realloc return value in temporary
pointer and then compare it with NULL. If it equals NULL then return
error and source pointer will still valid.

This error was caught by cppcheck:
Common realloc mistake: 'out' nulled but not freed upon failure.
2019-04-22 14:30:12 +03:00
Łukasz Ptak 48ffc6bc55
Fix gcc warning: expression always true
stb_image.h:5113:18: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits]
    STBI_ASSERT(v >= 0 && v < 256);
2019-03-16 23:00:14 +01:00
Sean Barrett 2c2908f505 update version numbers 2019-03-04 15:08:53 -08:00
Sean Barrett d940053a01 Merge branch 'master' into working 2019-03-04 14:56:00 -08:00
Sean Barrett 1737c342e2 Merge branch 'fix_issue-656' of https://github.com/rygorous/stb into working 2019-03-04 14:52:20 -08:00
Sean Barrett a0b521fcf2 no warnings when compiling /W3
compiling all test cases and compilers in test.sbm
   Compilers:
     32-bit:
       VS2015
       VS2013
       VS2008
       VC6 (1998)
       clang-cl 9.0.1
     64-bit
       VS2015
       clang-cl 9.0.1
2019-03-04 14:45:06 -08:00
Fabian Giesen d6a598186c stb_image: Pacify some MSVC warnings.
Convince the compiler's dataflow analysis that yes, we are not
reading uninitialized values of coutput.

Fixes issue #608.
2019-03-01 19:57:12 -08:00
Fabian Giesen 6570d6a825 stb_image: Make GIF reader validate image size.
I must've missed it when I did this for the other image loaders.
Either way, combined with the previous checkin, this should fix
issue #614 properly.

Fixes issue #614.
2019-03-01 19:47:59 -08:00
Fabian Giesen 50b1bfba58 stb_image: Fix multiple bugs in GIF decoder.
1. Check not just g->out allocation for failure.
2. If an image descriptor specified a 0-width image, this could be
   used to produce an out-of-bounds write.
3. Fix memory leak in case an error occurs during decoding.

Fixes issue #656.
2019-03-01 19:22:44 -08:00
Sean Barrett c963e40972 update version numbers 2019-02-25 11:48:42 -08:00
Sean Barrett 5fe7fb52f2 various fixes for clang
also fix a comment typo
2019-02-25 11:10:54 -08:00
Sean Barrett 63b59b46b0 update version numbers 2019-02-07 10:03:00 -08:00
Sean Barrett 7463635e52 Merge branch 'patch-3' of https://github.com/NuklearBomb/stb into working 2019-02-07 08:53:19 -08:00
Sean Barrett 694b61fcb1 stb_image: remove non-ASCII character from credits 2019-02-07 07:39:46 -08:00
Sean Barrett f9d9a419a9 Merge branch 'optimize_stbi__ldr_to_hdr' of https://github.com/technik/stb into working 2019-02-07 07:33:00 -08:00
Sean Barrett db691f0c69 Merge branch 'fix_1bit_bmp' of https://github.com/plzombie/stb into working 2019-02-07 07:30:39 -08:00
Sean Barrett 79a7719c37 stb_image: fix d1252e1bb9 for building in C 2019-02-07 07:20:58 -08:00
Sean Barrett 7056eae4ae Merge branch 'issue-609' of https://github.com/dp304/stb into working 2019-02-07 07:19:18 -08:00
Sean Barrett d1252e1bb9 Merge branch 'master' of https://github.com/ab-cpp/stb into working 2019-02-07 07:17:05 -08:00
Sean Barrett ba5fc494b4 Merge branch 'master' of https://github.com/WARP-LAB/stb into working 2019-02-07 06:58:18 -08:00
Sean Barrett f82dbd638c windows unicode: don't malloc buffers, add explicit STBI_WINDOWS_UTF8 #define 2019-02-07 05:55:03 -08:00
Sean Barrett ae773aa438 Merge branch 'unicode-file-support' of https://github.com/jrsmith17/stb into temp 2019-02-07 05:07:14 -08:00
Sean Barrett 3005bcfe87 Merge branch 'misc-typos' of https://github.com/luzpaz/stb into working 2019-02-07 05:00:12 -08:00
Sean Barrett 061422f580 fix non-fastpath BMP pixels with bit 31 set when asserts are on 2019-02-07 04:39:51 -08:00