Disallow unknown BMP header sizes, to prevent them being misread.

countingpine · countingpine · commit 7b5946c9c0b1 · 2014-11-24T20:38:35.000Z
Allowed sizes are:
    12: OS/2 V1 (BITMAPCOREHEADER)
    40:  BITMAPINFOHEADER
    56:  BITMAPV3HEADER (undocumented)
    108: BITMAPV4HEADER
    124: BITMAPV5HEADER
diff --git a/changelog.txt b/changelog.txt
@@ -54,7 +54,8 @@ Version 1.01.0
 - DRAW was not unsetting the B/N qualifiers after 0-length directional commands, e.g. "R0", resulting in them being applied to the following command, e.g. DRAW "B U0D0L0R0 R10" would not draw "R10"
 - Bad code was generated when initializing integer variables with a wstring-indexing expressions
 - #723: LINE clipping now doesn't affect which (unclipped) pixels are plotted, eliminating rounding differences and correctly preserving the position of the style bits
-- BLOAD was silently misreading bitfields for BMPs with BITMAPV3HEADER format (56-byte) headers
+- BLOAD now gives an error if it encounters a BMP file with an unknown header size
+- BLOAD was misreading bitfields in BMP files with undocumented BITMAPV3HEADER format (56-byte headers)
 
 
 Version 1.00.0 (former 0.91.0):
diff --git a/src/gfxlib2/gfx_bload.c b/src/gfxlib2/gfx_bload.c
@@ -201,6 +201,18 @@ static int load_bmp(FB_GFXCTX *ctx, FILE *f, void *dest, void *pal, int usenewhe
 	    (!fread_32_le(&biSize, f)))
 		return FB_RTERROR_FILEIO;
 
+	switch (biSize)
+	{
+		case 12:  /* OS/2 V1 (BITMAPCOREHEADER) */
+		case 40:  /* BITMAPINFOHEADER */
+		case 56:  /* BITMAPV3HEADER (undocumented) */
+		case 108: /* BITMAPV4HEADER */
+		case 124: /* BITMAPV5HEADER */
+			break;
+		default:
+			return FB_RTERROR_FILEIO;
+	}
+
 	if (biSize == 12) {
 		/* OS/2 V1 (BITMAPCOREHEADER) */
 		if ((!fread_16_le(&bcWidth, f)) ||
