Commit 4cc4d532 authored by Yong Tang's avatar Yong Tang Committed by Sourabh Bajaj
Browse files

Fix decode_bmp crash by adding length check before reading the data in buffer (#14967) 



* Fix decode_bmp crash by adding length check before reading the data in buffer

This fix tries to address the issue raised in 14959 where
the bmp content length was not checked before reading the buffer.
As a result, decode_bmp might trigger a crash if the content of bmp
is incomplete.

This fix fixes the issue by adding the needed check before
reading the data.

This fix fixes 14959.

Signed-off-by: default avatarYong Tang <yong.tang.github@outlook.com>

* Sanitize decode_bmp_op.cc with clang-format -i --style=Google

Signed-off-by: default avatarYong Tang <yong.tang.github@outlook.com>

* Add additional check to make sure header is safe to access in bmp

Signed-off-by: default avatarYong Tang <yong.tang.github@outlook.com>

* Not require padding (as paddings are not accessed)

Signed-off-by: default avatarYong Tang <yong.tang.github@outlook.com>

* Remove duplicated row_size calculation.

Signed-off-by: default avatarYong Tang <yong.tang.github@outlook.com>

* Add test cases for decoding incomplete bmp

Signed-off-by: default avatarYong Tang <yong.tang.github@outlook.com>
parent 91ebf297
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment