Commit Graph

404 Commits

Author SHA1 Message Date
Fabian Giesen
17bc84e15d stb_image: stbi__bmp_info only rewind stream on error
To be consistent with the other info functions.

Fixes issue #892.
2021-07-04 21:47:13 -07:00
Fabian Giesen
ab18d9b250 stb_image: Fix two bugs found via VC++ /analyze
Also fixes issue #366.
2021-07-04 21:42:44 -07:00
Fabian Giesen
82f9950cea stb_image: Update credits 2021-07-04 01:39:10 -07:00
Eugene Golushkov
db864a1e30 stb_image: fix building by MSVC for Windows 10 on ARM 2021-07-04 01:39:10 -07:00
Fabian Giesen
2506215e8a stb_image: Key Win32 UTF-8 support off _WIN32 not _MSC_VER
So that it also works on MinGW.

Fixes issue #729.
2021-07-04 01:39:10 -07:00
Fabian Giesen
991f1f6419 stb_image: Fix wrong buffer sizes passed to MultiByteToWideChar
Fixes issue #772.
2021-07-04 01:39:10 -07:00
Fabian Giesen
56a7113cd0 stb_image: Reorder format test sequence
Put the formats that start with a clear magic number first,
the dodgy ones that don't have much of a distinctive header
should be tested for later after we've ruled out the clearer
ones.

Fixes issue #787, hopefully. (Never got a clean repro.)
2021-07-04 01:39:10 -07:00
Fabian Giesen
618dbd01c8 stb_image: Document image size limits
Both the buffer size limits and the image dimension limits.

Fixes issue #672.
2021-07-04 01:39:10 -07:00
Fabian Giesen
4d3b93f589 stb_image: Erorr in BMP should error, not assert.
There was both the assert and the error check; should just be
the error check.

Fixes issue #881 (or rather, part of it).
2021-07-04 01:39:09 -07:00
Fabian Giesen
31ba943e3f stb_image: UB fix in stbi__get32le
Need to do the second-part shift on uint32 not int.
2021-07-04 01:39:09 -07:00
Fabian Giesen
d6ab7faec0 stb_image: Update comment
As per recent patches, we do support 16-bit PNMs.
2021-07-04 01:39:09 -07:00
Fabian Giesen
bb09317445 stb_image: Avoid left-shifts of signed values
It's implementation-specified behavior. Writing this code and then
relying on compiler strength reduction to turn it back into shifts
feels extremely silly but it is what it is.

Fixes issue #1097.
2021-07-04 01:39:09 -07:00
Fabian Giesen
43b32c7bab stb_image: Avoid shift of signed values in extend_receive
Use an equivalent formulation that has sgn=0 or 1, not 0 or -1.
This avoids right-shifting signed values, at least in this place.

Fixes issue #1061.
2021-07-04 01:39:09 -07:00
Fabian Giesen
6d857933d5 stb_image, stb_image_write: Fix compare sign warnings
For the stb_image fix, also replace the magic 288 with a more
descriptive name while I'm at it.

Fixes #1100
2021-07-04 01:39:09 -07:00
Fabian Giesen
265b73bb0b stb_image: Fix lrot definition, small extend_receive tweak
Define lrot in a way that doesn't involve UB when n==0.
Also, the previous patch ensures that n <= 15 for all callers
of stbi__extend_receive, so can remove the (less restrictive)
bounds check for 0 <= n < 17 (the bounds of stbi__bmask)
entirely.

Fixes issue #1065.
2021-07-04 01:39:09 -07:00
Fabian Giesen
86b7570cfb stb_image: Fix bug on JPEGs with malformed DC deltas
extend_receive implicitly requires n <= 15 (code length);
the maximum that actually makes sense for 8-bit baseline JPEG is
11, but 15 is the natural limit for us because the AC coding path
stores the number of magnitude bits in a nibble.

Check that DC delta bits are in range before attempting to call
extend_receive.

Fixes issue #1108.
2021-07-04 01:39:09 -07:00
Fabian Giesen
6ab6303f98 stb_image: Check results of all mallocs.
A few were missing. Make sure to always report ouf-of-memory
errors.

Fixes issue #1056.
2021-07-04 01:39:09 -07:00
Fabian Giesen
8e8f7d9b69 stb_image: Update credits, change log 2021-07-04 01:38:24 -07:00
Simon Breuss
8c15cc9c79 Adds 16-bit support for pnm files. 2021-07-04 01:38:24 -07:00
Jacko Dirks
c62af85657 stb_image.h: Suppress warnings about out_size, delay_size
These two variables are unused on some targets, resulting in
warnings. Add STBI_NOTUSED around them to suppress those
warnings.
2021-07-04 01:38:24 -07:00
Fabian Giesen
448bb137e3 stb_image: Better docs for stbi_info.
Fixes #1026.
2021-07-04 01:38:24 -07:00
Fabian Giesen
1203eb554b stb_image: Fix issue #994.
Accidentally introduced during a merge.
2021-07-04 01:38:24 -07:00
Sean Barrett
e140649ccf remove trailign whitespace 2020-07-13 04:40:31 -07:00
Sean Barrett
314d0a6f9a update version numbers 2020-07-13 04:36:03 -07:00
Sean Barrett
f3085776a4 Merge branch 'patch-1' of https://github.com/coltongit/stb into working 2020-07-13 04:07:16 -07:00
Sean Barrett
589a678b65 Merge branch 'master' of https://github.com/recp/stb into working 2020-07-13 04:06:19 -07:00
Sean Barrett
bfaccab17a Merge branch 'stb-image-fuzzing-fixes' of https://github.com/rcgordon/stb into working 2020-07-13 03:53:53 -07:00
Sean Barrett
fd9c3ea4af Merge branch 'bmp-assert' of https://github.com/zturtleman/stb into working 2020-07-13 03:01:52 -07:00
Sean Barrett
6f7420a825 add credits for last few PR merges 2020-07-13 02:59:10 -07:00
Sean Barrett
fdafd1aab4 Merge branch 'loadgif-realloc-sized' of https://github.com/SasLuca/stb into test 2020-07-13 02:45:13 -07:00
Sean Barrett
802a1df278 tweak indentation 2020-07-13 02:20:37 -07:00
Colton G. Rushton
9e292f0731
Fix minor typo in comment on line 6532 2020-05-30 17:41:25 -03:00
Recep Aslantas
ec898982b0 stbi: use __thread if GCC can't use _Thread_local 2020-05-26 00:22:12 +03:00
Recep Aslantas
8cb98357de stbi: fix thread local selector
* GCC < 5 supports __thread and GCC >= 5 supports C11 with _Thread_local
* Skip _Thread_local for MSVC because it may not be supported
2020-05-26 00:03:46 +03:00
Ryan C. Gordon
c29138ba59 Add randy408 to the "Bug warnings & fixes" list. 2020-04-29 14:20:33 -04:00
Randy
29d639546d fix integer arithmetic in stbi__zexpand() 2020-04-29 14:19:01 -04:00
Ryan C. Gordon
b09cb2c6f5 Add Ryan C. Gordon to "Bug & warning fixes" contribution list. 2020-04-28 13:28:45 -04:00
Ryan C. Gordon
89f3f35c9f stbi__skip should return immediately if skipping zero bytes.
Otherwise we might waste time or throw away state in the i/o callbacks.
2020-04-28 13:28:45 -04:00
Ryan C. Gordon
d60594847e Reject images that are too large (as defined by the application).
The BMP loader already had this hardcoded to (1 << 24) pixels, so this seems
like a good default to apply to all formats, but many apps will want to clamp
this much much lower.

It's possible to craft malicious but valid images that are enormous, causing
stb_image to allocate tons of memory and eat a ton of CPU, so locking these
to a maximum permitted size can save a lot of headaches in the wild.
2020-04-28 13:28:45 -04:00
Ryan C. Gordon
98ca24b8c7 Turn several asserts into formal checks.
There are several places where stb_image protects itself from bad data with
STBI_ASSERT macros, but if these are compiled out in release builds the code
will overflow buffers, etc, without warning. If they are left enabled, the
process will crash from assertion failures.

This patch attempts to leave the assertions in place that are meant to verify
the correctness of the interfaces (if the calling function was meant to pass
only 8 or 16 for bit depth, it's reasonable to assert that is accurate), but
changes asserts that are triggered by corrupt or malicious image file data.

Failed asserts were the majority of crashes during fuzzing; now all of these
cases safely report an error back to the calling app.
2020-04-28 13:28:45 -04:00
Ryan C. Gordon
95560bc6cf Be more aggressive about unexpected EOF conditions.
Fixes several hangs in the presence of bad input data.
2020-04-28 13:28:45 -04:00
Ryan C. Gordon
eb4b057f0d Check a return value for errors.
Catches bad input data found during fuzzing.
2020-04-28 13:28:45 -04:00
Ryan C. Gordon
b5d2296d5d Check for some obviously bad inputs from corrupt/malicious data.
These all caused crashes during fuzzing.
2020-04-28 13:28:45 -04:00
Ryan C. Gordon
385b5d3cda stbi__stdio_eof() should check ferror(), too.
Otherwise with filesystem errors, you might end up with a short read but
believe there's still more to read from the file, causing infinite loops.
2020-04-28 13:25:57 -04:00
Ryan C. Gordon
00f3f01be3 fseek() resets the EOF flag, even if seeking past the end of a read-only file.
This causes problems when stb_image tries to do this with stdio callbacks with
a maliciously crafted file (or just an unfortunately corrupt one)...

    // calls fread(), sets EOF flag, sets s->read_from_callbacks = 0
    stbi__refill_buffer(s);

    // calls fseek(), which resets the stream's EOF flag
    stbi__skip(some value we just read)

    // calls feof(), which always returns false because EOF flag was reset.
    while (!stbi__at_eof(s)) {
        // never calls fread() because s->read_from_callbacks==0
        stbi__refill_buffer(s);
        // loop forever
    }

To work around this, after seeking, we call fgetc(), which will set the EOF
flag as appropriate, and if not at EOF, we ungetc the byte so future reads
are correct. This fixes the infinite loop.
2020-04-28 13:25:57 -04:00
Zack Middleton
e919bcd32e stb_image: fix assert failing when loading BMP
This fixes two issues with an assert failing. I tested that the
first part fixes #909 and the second fixes #897.

1. Loading 16/24/32-bit BMP from memory caused an assert to fail
(excluding 16-bit BMP with hsz 12).

img_buffer offset was always compared with the buffer for
stbi_load_from_file() but stbi_load_from_memory() uses an external
buffer.

Resolution: Change s->buffer_start to s->img_buffer_original.

2. Loading BMP with large header from file caused assert to fail.

img_buffer points to stbi_uc buffer_start[128] but the largest BMP
supported has a 138 byte header (hsz 124) causing img_buffer to wrap
around to an offset of 10. The assert fails because 138 (header size)
!= 10 (offset in temp read buffer).

Resolution: Add the previously read bytes to the offset in temp read
buffer to get the absolute offset.

The issues were introduced by the commit c440a53d06
("stb_image: fix reading BMP with explicit masks").
2020-03-24 21:53:08 -04:00
Luca Sas
c5102ecc4d Refactored stbi__load_gif_main to use STBI_REALLOC_SIZED instead of STBI_REALLOC. 2020-02-13 13:05:12 +00:00
Sean Barrett
0224a44a10 stb_image: fix new warnings 2020-02-02 20:30:25 -08:00
Sean Barrett
2bb4a0accd Fix trailing whitespace 2020-02-02 11:30:27 -08:00
Sean Barrett
5e4a0617b7 udpate version numbers 2020-02-02 11:12:13 -08:00