mirror/kimageformats
1
0
Fork 0
mirror of https://invent.kde.org/frameworks/kimageformats.git synced 2026-02-15 22:13:00 -05:00
Code Issues Packages Projects Releases Wiki Activity

TGA: ignoring large metadata on dev area

Browse Source
This commit is contained in:
Mirco Miranda
2025-10-23 14:30:47 +02:00
parent e8e5b091bc
commit 326e56029a
1 changed files with 11 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/imageformats/tga.cpp
View File

@ -82,6 +82,13 @@ enum TGAType {
#define TGA_XMPP_TAGID 0x7002 // Xmp packet preceded by "xMPP" string #define TGA_XMPP_TAGID 0x7002 // Xmp packet preceded by "xMPP" string
#define TGA_ICCP_TAGID 0x7003 // Icc profile preceded by "iCCP" string #define TGA_ICCP_TAGID 0x7003 // Icc profile preceded by "iCCP" string
/*
* Maximum size of a tag in the developer area.
*
* TGA is a 32-bit format so, a metadata should not be greater than some MB.
*/
#define DEV_TAG_MAX_SIZE (32 * 1024 * 1024)
/** Tga Header. */ /** Tga Header. */
struct TgaHeader { struct TgaHeader {
uchar id_length = 0; uchar id_length = 0;
@ -1232,6 +1239,10 @@ bool TGAHandler::readMetadata(QImage &image)
if (!dev->seek(f.offset)) { if (!dev->seek(f.offset)) {
return false; return false;
} }
if (f.size > DEV_TAG_MAX_SIZE) {
qCWarning(LOG_TGAPLUGIN) << "readMetadata: the size of TAG" << f.tagId << "is larger than" << (DEV_TAG_MAX_SIZE/1024/1024) << "MiB, so it will be ignored";
continue;
}
if (f.tagId == TGA_EXIF_TAGID) { if (f.tagId == TGA_EXIF_TAGID) {
auto ba = dev->read(f.size); auto ba = dev->read(f.size);
if (ba.startsWith(QByteArray("eXif"))) { if (ba.startsWith(QByteArray("eXif"))) {