Fix T99711: Eternal loop reading blend file thumbnail

Account for negative BHead length (already handled by blend file loading).
Referenced by issue #99711, Endless Infinite loop in Blender-thumnailing due to logical bugs Referenced by issue #98661, 3.2: Potential candidates for corrective releases
2022-07-15 14:47:18 +10:00 · 2022-07-15 14:47:18 +10:00 · 24a2b5cb12 · 2023-02-13 15:16:26 +01:00
parent 32df09b241
commit 24a2b5cb12
1 changed files with 3 additions and 0 deletions
--- a/source/blender/blendthumb/src/blendthumb_extract.cc
+++ b/source/blender/blendthumb/src/blendthumb_extract.cc
@ -121,6 +121,9 @@ static eThumbStatus blendthumb_extract_from_file_impl(FileReader *file,
  while (file_read(file, bhead_data, bhead_size)) {
    /* Parse type and size from `BHead`. */
    const int32_t block_size = bytes_to_native_i32(&bhead_data[4], endian_switch);
+    if (UNLIKELY(block_size < 0)) {
+      return BT_INVALID_THUMB;
+    }

    /* We're looking for the thumbnail, so skip any other block. */
    switch (*((int32_t *)bhead_data)) {