Fix SVACE issue

- Integer 'rowStride' could be obtained from untrusted source at loader-bmp.cpp:105
- Checked 'infoHeader.width' and 'infoHeader.height' bounds

Change-Id: I5e054565e85b11dc8cdb5a2809955fd75a3c53fb
Signed-off-by: Seoyeon Kim <seoyeon2.kim@samsung.com>

diff --git a/platform-abstractions/tizen/image-loaders/loader-bmp.cpp b/platform-abstractions/tizen/image-loaders/loader-bmp.cpp
index 0ac6748..37f3c26 100644 (file)
--- a/platform-abstractions/tizen/image-loaders/loader-bmp.cpp
+++ b/platform-abstractions/tizen/image-loaders/loader-bmp.cpp
@@ -110,6 +110,11 @@ bool LoadBmpHeader(FILE *fp, unsigned int &width, unsigned int &height, BmpFileH
   width = infoHeader.width;
   height = abs(infoHeader.height);
 
+  if( infoHeader.width == 0 )
+  {
+    return false;
+  }
+
   return true;
 }
 
@@ -1254,7 +1259,7 @@ bool LoadBitmapFromBmp( const ImageLoader::Input& input, Integration::Bitmap& bi
     }
     case BMP_RGB4:
     {
-      decodeResult = DecodeRGB4(fp, pixels, infoHeader.width, infoHeader.height, 14 + infoHeader.infoHeaderSize, topDown);
+      decodeResult = DecodeRGB4(fp, pixels, infoHeader.width, abs(infoHeader.height), 14 + infoHeader.infoHeaderSize, topDown);
       break;
     }
     case BMP_RLE4: