From 3e738f22cf8883ce4bf6b7afeb0297e4d2924685 Mon Sep 17 00:00:00 2001
From: Turo Lamminen <turotl@gmail.com>
Date: Sat, 09 May 2015 16:43:24 +0000
Subject: [PATCH] Validate cube map size

---
 mojodds.c |   12 +++++++++++-
 1 files changed, 11 insertions(+), 1 deletions(-)

diff --git a/mojodds.c b/mojodds.c
index 524bca6..64b6938 100644
--- a/mojodds.c
+++ b/mojodds.c
@@ -351,10 +351,20 @@
         *_cubemapfacelen = 0;
         for (i = 0; i < (int)*_miplevels; i++)
         {
-            *_cubemapfacelen += ((MAX( wd, blockDim ) / blockDim) * (MAX( ht, blockDim ) / blockDim)) * blockSize;
+            uint32_t mipLen = MAX((wd + blockDim - 1) / blockDim, 1) * MAX((ht + blockDim - 1) / blockDim, 1) * blockSize;
+            if (UINT32_MAX - mipLen < *_cubemapfacelen) {
+                // data size would overflow 32-bit uint, invalid file
+                return 0;
+            }
+            *_cubemapfacelen += mipLen;
             wd >>= 1;
             ht >>= 1;
         }
+
+        // 6 because cube faces
+        if (*len < (*_cubemapfacelen) * 6) {
+            return 0;
+        }
     }
     else if (*_textureType == MOJODDS_TEXTURE_2D)
     {
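Review bot: The new cube-map size check `*len < (*_cubemapfacelen) * 6` can itself wrap. The `UINT32_MAX` guard above it suggests the face length is a 32-bit value, so a face length above `UINT32_MAX / 6` would give a small product and let a truncated file pass validation. Dividing instead of multiplying avoids this: `if (*len / 6 < *_cubemapfacelen) {`. The `mipLen` product has the same weakness if `wd`, `ht` and `blockSize` are 32-bit (their declarations are outside the hunk), because the multiplication can wrap before the addition guard sees it. Computing it in a wider type, e.g. `uint64_t mipLen = (uint64_t)MAX((wd + blockDim - 1) / blockDim, 1) * MAX((ht + blockDim - 1) / blockDim, 1) * blockSize;`, and rejecting `mipLen > UINT32_MAX - *_cubemapfacelen` would close that gap. The enclosing function starts and ends outside this hunk, so any earlier bounds on width and height could not be checked here.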

--
Gitblit v1.9.3