Fix resolution parsing issue in HDR image header reading

xiaozhuai / imageinfo

Free Palestine🇵🇸🇵🇸🇵🇸Cross platform super fast single header c++ library to get image size and format without loading/decoding. Support avif, bmp, cur, dds, gif, hdr (pic), heic (heif), icns, ico, j2k, jp2, jpeg (jpg), jpx, ktx, png, psd, qoi, tga, tiff (tif), webp ...

MIT License

107 stars 26 forks source link

Fix resolution parsing issue in HDR image header reading #10

Closed chan233 closed 1 month ago

chan233 commented 2 months ago

Added safety checks for string to integer conversion.

When a maliciously crafted HDR file is encountered, the program may crash because it only verifies the file header and does not validate the resolution field's validity. This is an example of a file that causes the program to crash.

crashs.tar.gz

tar -xvf  crashs.tar.gz
imageinfo crash_2

xiaozhuai commented 1 month ago

Hello @chan233 , this pr looks good to me. Thank you! In order to make the CI green, I modified your PR. It's merged.