Skip to content

Get wrong image when reading Bmp due to skipping extra bytes  #1716

New issue
New issue
Open
Open
Get wrong image when reading Bmp due to skipping extra bytes #1716
@XZiar

Description

@XZiar
XZiar
opened on Nov 5, 2024

sample image(rename it to bmp since github does not allow to upload bmp): bmp-rgba.txt

stb will skip extra bytes before reading actual data:

stb/stb_image.h

Lines 5654 to 5658 in 2e2bef4

} else {
int rshift=0,gshift=0,bshift=0,ashift=0,rcount=0,gcount=0,bcount=0,acount=0;
int z = 0;
int easy=0;
stbi__skip(s, info.offset - info.extra_read - info.hsz);

but those bytes have already been skipped earlier when handling plate-size=0 (the bytes_read_so_far is exactly info.extra_read + info.hsz here):

stb/stb_image.h

Lines 5564 to 5582 in 2e2bef4

if (psize == 0) {
// accept some number of extra bytes after the header, but if the offset points either to before
// the header ends or implies a large amount of extra data, reject the file as malformed
int bytes_read_so_far = s->callback_already_read + (int)(s->img_buffer - s->img_buffer_original);
int header_limit = 1024; // max we actually read is below 256 bytes currently.
int extra_data_limit = 256*4; // what ordinarily goes here is a palette; 256 entries*4 bytes is its max size.
if (bytes_read_so_far <= 0 || bytes_read_so_far > header_limit) {
return stbi__errpuc("bad header", "Corrupt BMP");
}
// we established that bytes_read_so_far is positive and sensible.
// the first half of this test rejects offsets that are either too small positives, or
// negative, and guarantees that info.offset >= bytes_read_so_far > 0. this in turn
// ensures the number computed in the second half of the test can't overflow.
if (info.offset < bytes_read_so_far || info.offset - bytes_read_so_far > extra_data_limit) {
return stbi__errpuc("bad offset", "Corrupt BMP");
} else {
stbi__skip(s, info.offset - bytes_read_so_far);
}
}

seems it's introduced by 1096389
the fix made an extra skip

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions