Skip to content

reject undersized payload in load_ktx_compressed_image#658

Open
sahvx655-wq wants to merge 1 commit into
ARM-software:mainfrom
sahvx655-wq:ktx-compressed-payload-size
Open

reject undersized payload in load_ktx_compressed_image#658
sahvx655-wq wants to merge 1 commit into
ARM-software:mainfrom
sahvx655-wq:ktx-compressed-payload-size

Conversation

@sahvx655-wq

Copy link
Copy Markdown
Contributor

load_ktx_compressed_image reads the KTX imageSize field as the compressed payload length and reads the pixel dimensions from separate header fields, but never checks the two agree. A crafted .ktx can declare dimensions spanning many blocks while carrying a payload sized for far fewer, so the loader hands back an astc_compressed_image whose data buffer is smaller than its own dimensions imply. I noticed this comparing the KTX path with load_cimage, which sizes the payload from the dimensions and so cannot store an inconsistent pair.

The change derives the block count from the dimensions and the format block footprint with astc::mul_safe and rejects the file when imageSize cannot cover it, matching how load_cimage sizes its own payload. astcenc_decompress_image already re-checks the length before its block loop, so a plain -dl decode was refused either way, but print_diagnostic_image walks block_cols * block_rows blocks straight out of the payload with no length check of its own; validating in the loader keeps every consumer working from a consistent object instead of re-deriving the bound.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant