diff options
| author | Michael Giacomelli <giac2000@hotmail.com> | 2020-12-09 01:05:48 -0500 |
|---|---|---|
| committer | Michael Giacomelli <giac2000@hotmail.com> | 2020-12-14 04:14:45 +0000 |
| commit | 64cc9aad73fd8f5e780be46806f85473e261862f (patch) | |
| tree | 4c04c5a800255e9e78c6ce63bbd2ab5136b90c05 | |
| parent | 56f4ec96686521d2b267d55271b0f5483c96bf6c (diff) | |
| download | rockbox-64cc9aad73fd8f5e780be46806f85473e261862f.tar.gz rockbox-64cc9aad73fd8f5e780be46806f85473e261862f.zip | |
Do not resize images greater than 32767 pixels in either dimension
Internally, the resizing code uses the rockbox dim structure, which uses signed shorts.
Change-Id: Ic8850e8563a9d8c0cb3cf8269e2576be9e42b45b
| -rwxr-xr-x[-rw-r--r--] | apps/recorder/jpeg_load.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/apps/recorder/jpeg_load.c b/apps/recorder/jpeg_load.c index 16a2f4e3a3..9ab42b7a9f 100644..100755 --- a/apps/recorder/jpeg_load.c +++ b/apps/recorder/jpeg_load.c @@ -2050,6 +2050,15 @@ int clip_jpeg_fd(int fd, if (!(status & DHT)) /* if no Huffman table present: */ default_huff_tbl(p_jpeg); /* use default */ fix_headers(p_jpeg); /* derive Huffman and other lookup-tables */ + + /*the dim array in rockbox is limited to 2^15-1 pixels, so we cannot resize + images larger than this without overflowing */ + if(p_jpeg->x_size > 32767 || p_jpeg->y_size > 32767) + { + JDEBUGF("Aborting resize of image > 32767 pixels\n"); + return -1; + } + src_dim.width = p_jpeg->x_size; src_dim.height = p_jpeg->y_size; if (format & FORMAT_RESIZE) |