Commit: 24a2b5cb1292f769dd86e314471443976d5e9512
Author: Campbell Barton
Date:   Fri Jul 15 14:47:18 2022 +1000
Branches: blender-v3.2-release
https://developer.blender.org/rB24a2b5cb1292f769dd86e314471443976d5e9512

Fix T99711: Eternal loop reading blend file thumbnail

Account for negative BHead length (already handled by blend file loading).

===================================================================

M       source/blender/blendthumb/src/blendthumb_extract.cc

===================================================================

diff --git a/source/blender/blendthumb/src/blendthumb_extract.cc 
b/source/blender/blendthumb/src/blendthumb_extract.cc
index 369da559fc8..163197c8b67 100644
--- a/source/blender/blendthumb/src/blendthumb_extract.cc
+++ b/source/blender/blendthumb/src/blendthumb_extract.cc
@@ -121,6 +121,9 @@ static eThumbStatus 
blendthumb_extract_from_file_impl(FileReader *file,
   while (file_read(file, bhead_data, bhead_size)) {
     /* Parse type and size from `BHead`. */
     const int32_t block_size = bytes_to_native_i32(&bhead_data[4], 
endian_switch);
+    if (UNLIKELY(block_size < 0)) {
+      return BT_INVALID_THUMB;
+    }
 
     /* We're looking for the thumbnail, so skip any other block. */
     switch (*((int32_t *)bhead_data)) {
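Review bot: The new `block_size < 0` guard has no comment explaining why a negative length must abort the scan, and it checks only the sign of a value read straight from an untrusted file. A comment above the check would help, for example `/* Length comes from the file; a negative value would presumably make the skip below move backwards and re-read the same headers forever (T99711). */`. An oversized positive `block_size` is still accepted here, so correct termination depends on the skip/read code in the `switch` body, which lies outside this hunk, failing cleanly at end of file. It is worth confirming that path returns an error rather than continuing. The body of `blendthumb_extract_from_file_impl` starts and ends outside the hunk.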
