
Buffer overflow in BMP open



The gdispImageOpen_BMP() function uses up to 36 bytes of allocated buffer in priv->buf.

Default allocated length of priv->buf is defined by GDISP_IMAGE_BMP_BLIT_BUFFER_SIZE which is only 32 bytes. By default this causes a buffer overflow.

Please increase default value of GDISP_IMAGE_BMP_BLIT_BUFFER_SIZE to 36.


  • 4 weeks later...

The problem does not occur for most people as GDISP_IMAGE_BMP_BLIT_BUFFER_SIZE is specified in pixels (not bytes). The issue occurs for pixel formats of a byte per pixel or less.

This has now been corrected by using the compiler to detect if it is too small and adjust the setting if necessary (along with displaying a warning).

 

This is now in the repository.

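One way to enforce the rule discussed in this thread at compile time, as an added example that is not part of either post and is not uGFX code: a buffer configured in pixels is raised to cover the 36 bytes of scratch use when the pixel type makes it too small. All identifiers (`BMP_SCRATCH_BYTES`, `BLIT_BUFFER_PIXELS`, `pixel_t`, `bmp_priv_t`, `adjusted_pixels`, `load_header`) are hypothetical, and the sample header bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All names here are hypothetical stand-ins, not uGFX identifiers. */
#define BMP_SCRATCH_BYTES  36u     /* bytes the open path uses (from the thread) */
#define BLIT_BUFFER_PIXELS 32u     /* default size from the thread, in pixels */

typedef uint8_t pixel_t;           /* 1 byte per pixel: the case that overflowed */

/* Pixels needed to cover `need` bytes at `bpp` bytes per pixel, rounded up. */
#define PIXELS_FOR(need, bpp) (((need) + (bpp) - 1u) / (bpp))

/* Keep the configured size unless it is too small in bytes, then raise it. */
#define ADJUST_PIXELS(cfg, bpp, need) \
    ((cfg) * (bpp) >= (need) ? (cfg) : PIXELS_FOR(need, bpp))

typedef struct {
    pixel_t buf[ADJUST_PIXELS(BLIT_BUFFER_PIXELS, sizeof(pixel_t), BMP_SCRATCH_BYTES)];
} bmp_priv_t;

/* Compile-time proof that the scratch use fits, whatever pixel_t is. */
_Static_assert(sizeof(((bmp_priv_t *)0)->buf) >= BMP_SCRATCH_BYTES,
               "blit buffer too small for BMP header scratch");

/* Runtime form of the same rule, so other pixel formats can be checked. */
size_t adjusted_pixels(size_t cfg, size_t bpp, size_t need)
{
    return ADJUST_PIXELS(cfg, bpp, need);
}

/* Bounded copy of header bytes into the scratch buffer.
 * Returns 0 on success, -1 if the source is short or the buffer cannot hold it. */
int load_header(bmp_priv_t *priv, const uint8_t *src, size_t srclen)
{
    if (srclen < BMP_SCRATCH_BYTES || sizeof(priv->buf) < BMP_SCRATCH_BYTES)
        return -1;
    memcpy(priv->buf, src, BMP_SCRATCH_BYTES);
    return 0;
}

int main(void)
{
    uint8_t sample[BMP_SCRATCH_BYTES] = { 'B', 'M' };  /* constructed input */
    bmp_priv_t priv;
    return load_header(&priv, sample, sizeof sample);
}
```

With a 2-byte or 4-byte `pixel_t` the configured 32 pixels already exceed 36 bytes, so the size is left unchanged; only the 1-byte case is raised.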
