fix(iff): reject implausible image dimensions before allocating tile buffer #5284

Open
lgritz wants to merge 1 commit into AcademySoftwareFoundation:main from lgritz:lg-iffalloc

lgritz commented Jul 2, 2026

Collaborator

TBHD width/height/channel fields were never cross-checked against how much tile data the file actually contains, so a corrupt header could claim an arbitrarily large image (e.g. 16k x 16k) backed by only a few hundred bytes of real data. readimg() would then resize() a multi-gigabyte buffer for a tiny malformed file, hanging (or very slowly succeeding) instead of failing -- a resource-exhaustion DoS on untrusted input, found via fuzzing.

Bound the claimed image size against how much tile data remains in the file, generously allowing for RLE's worst-case 128x expansion ratio, and fail fast if it's implausible.

Assisted-by: Claude Code / claude-sonnet-5

…buffer

TBHD width/height/channel fields were never cross-checked against how
much tile data the file actually contains, so a corrupt header could
claim an arbitrarily large image (e.g. 16k x 16k) backed by only a few
hundred bytes of real data. readimg() would then resize() a
multi-gigabyte buffer for a tiny malformed file, hanging (or very
slowly succeeding) instead of failing -- a resource-exhaustion DoS on
untrusted input, found via fuzzing.

Bound the claimed image size against how much tile data remains in the
file, generously allowing for RLE's worst-case 128x expansion ratio,
and fail fast if it's implausible.

Assisted-by: Claude Code / claude-sonnet-5

Signed-off-by: Larry Gritz <lg@larrygritz.com>
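
The plausibility check described in this pull request, sketched as an added example (not code from the PR or from OpenImageIO). The function and constant names are hypothetical, the 128x ratio is the one stated in the description, and rejecting zero-sized dimensions is a choice made for this example.

```cpp
#include <cstdint>
#include <limits>

// Hypothetical names; this is an illustration, not OpenImageIO's code.
// Worst-case RLE expansion ratio as stated in the PR description.
constexpr uint64_t kMaxRleExpansion = 128;

// Multiply a*b into out; return false if the product overflows uint64_t.
static bool checked_mul(uint64_t a, uint64_t b, uint64_t& out)
{
    if (a != 0 && b > std::numeric_limits<uint64_t>::max() / a)
        return false;
    out = a * b;
    return true;
}

// Return true if a header claiming width x height x channels samples of
// bytes_per_channel bytes each could plausibly be decoded from the
// bytes_remaining bytes of tile data left in the file. Call this before
// resizing the pixel buffer, so a tiny file cannot force a huge allocation.
bool dims_plausible(uint32_t width, uint32_t height, uint32_t channels,
                    uint32_t bytes_per_channel, uint64_t bytes_remaining)
{
    // Assumption of this example: zero-sized images are rejected outright.
    if (width == 0 || height == 0 || channels == 0 || bytes_per_channel == 0)
        return false;

    // Claimed decoded size, computed without wrapping around.
    uint64_t claimed = 0;
    if (!checked_mul(width, height, claimed)
        || !checked_mul(claimed, channels, claimed)
        || !checked_mul(claimed, bytes_per_channel, claimed))
        return false;  // claimed size does not fit in 64 bits

    // Most bytes the remaining data could expand to under worst-case RLE.
    uint64_t budget = 0;
    if (!checked_mul(bytes_remaining, kMaxRleExpansion, budget))
        budget = std::numeric_limits<uint64_t>::max();  // saturate

    return claimed <= budget;
}
```
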