grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2] video/readers: Add artificial limit to image dimensions

From: Daniel Kiper
Subject: Re: [PATCH v2] video/readers: Add artificial limit to image dimensions
Date: Thu, 27 Oct 2022 13:07:05 +0200 
On Thu, Oct 27, 2022 at 10:21:42AM +0100, Darren Kenny wrote:
> Hi Alec,
>
> On Thursday, 2022-10-27 at 01:16:44 +01, Alec Brown wrote:
> > In grub-core/video/readers/jpeg.c, the height and width of a JPEG image 
> > don't
> > have an upper limit for how big the JPEG image can be. In coverity, this is
> > getting flagged as an untrusted loop bound. This issue can also seen in PNG 
> > and
> > TGA format images as well but coverity isn't flagging it. To prevent this, 
> > the
> > constant IMAGE_HW_MAX_PX is being added to bitmap.h, which has a value of 
> > 16384,
> > to act as an artifical limit and restrict the height and width of images. 
> > This
> > value was picked as it is double the current max resolution size, which is 
> > 8K.
> >
> > Fixes: CID 292450
> >
> > Signed-off-by: Alec Brown <alec.r.brown@oracle.com>
> >
> Looks good to me, so:
>
> Reviewed-by: Darren Kenny <darren.kenny@oracle.com>

Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Daniel
reply via email to
[Prev in Thread] Current Thread [Next in Thread]