imgcodecs(bmp): limit size of processed images

author Alexander Alekhin <alexander.a.alekhin@gmail.com>

Sun, 31 Mar 2019 10:43:30 +0000 (10:43 +0000)

committer Alexander Alekhin <alexander.a.alekhin@gmail.com>

Sun, 31 Mar 2019 10:48:07 +0000 (10:48 +0000)
author Alexander Alekhin <alexander.a.alekhin@gmail.com>
Sun, 31 Mar 2019 10:43:30 +0000 (10:43 +0000)
committer Alexander Alekhin <alexander.a.alekhin@gmail.com>
Sun, 31 Mar 2019 10:48:07 +0000 (10:48 +0000)
diff --git a/modules/imgcodecs/src/grfmt_bmp.cpp b/modules/imgcodecs/src/grfmt_bmp.cpp

index 3d083b3..5ca015a 100644 (file)
--- a/modules/imgcodecs/src/grfmt_bmp.cpp
+++ b/modules/imgcodecs/src/grfmt_bmp.cpp
@@ -203,6 +203,9 @@ bool  BmpDecoder::readData( Mat& img )
      int  nch = color ? 3 : 1;
      int  y, width3 = m_width*nch;
  
+    // FIXIT: use safe pointer arithmetic (avoid 'int'), use size_t, intptr_t, etc
+    CV_Assert(((uint64)m_height * m_width * nch < (CV_BIG_UINT(1) << 30)) && "BMP reader implementation doesn't support large images >= 1Gb");
+
      if( m_offset < 0 || !m_strm.isOpened())
          return false;
author	Alexander Alekhin <alexander.a.alekhin@gmail.com>
	Sun, 31 Mar 2019 10:43:30 +0000 (10:43 +0000)
committer	Alexander Alekhin <alexander.a.alekhin@gmail.com>
	Sun, 31 Mar 2019 10:48:07 +0000 (10:48 +0000)