On Thu, Oct 27, 2022 at 10:21:42AM +0100, Darren Kenny wrote:
> Hi Alec,
>
> On Thursday, 2022-10-27 at 01:16:44 +01, Alec Brown wrote:
> > In grub-core/video/readers/jpeg.c, the height and width of a JPEG image don't
> > have an upper limit for how big the JPEG image can be. In Coverity, this is
> > getting flagged as an untrusted loop bound. This issue can also be seen in PNG
> > and TGA format images as well but Coverity isn't flagging it. To prevent this,
> > the constant IMAGE_HW_MAX_PX is being added to bitmap.h, which has a value of
> > 16384, to act as an artificial limit and restrict the height and width of images.
> > This value was picked as it is double the current max resolution size, which is
> > 8K.
> >
> > Fixes: CID 292450
> >
> > Signed-off-by: Alec Brown <alec.r.br...@oracle.com>
> >
> Looks good to me, so:
>
> Reviewed-by: Darren Kenny <darren.ke...@oracle.com>

Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>

Daniel

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
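
The kind of check the commit message describes, as an added example that is not part of the thread and is not GRUB's code: a stand-alone parser reads the height and width from a JPEG SOF0 header and rejects them before they can become a loop bound. Only IMAGE_HW_MAX_PX and its value come from the message; the function name, return codes, zero-dimension rejection and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IMAGE_HW_MAX_PX 16384 /* name and value as given in the commit message */

static unsigned be16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Hypothetical helper (not GRUB's code): walk JPEG segments to the baseline
   SOF0 marker and bound its dimensions before any decode loop uses them.
   Returns 0 if accepted, -1 if malformed, -2 if a dimension is zero
   (rejected here as an assumption) or above IMAGE_HW_MAX_PX. */
int jpeg_checked_dims(const uint8_t *buf, size_t len, unsigned *w, unsigned *h)
{
  size_t pos = 2;
  if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8) return -1; /* no SOI */
  while (pos + 4 <= len) {
    unsigned marker, seglen;
    if (buf[pos] != 0xFF) return -1;
    marker = buf[pos + 1];
    seglen = be16(buf + pos + 2); /* counts its own two length bytes */
    if (seglen < 2 || seglen > len - pos - 2) return -1; /* runs past buffer */
    if (marker == 0xC0) {
      if (seglen < 7) return -1; /* precision, height, width must be present */
      *h = be16(buf + pos + 5);
      *w = be16(buf + pos + 7);
      if (*h == 0 || *w == 0 || *h > IMAGE_HW_MAX_PX || *w > IMAGE_HW_MAX_PX)
        return -2;
      return 0;
    }
    pos += 2 + seglen;
  }
  return -1; /* no SOF0 found */
}

/* Constructed samples: SOI, a 2-byte APP0 stub, then SOF0. */
const uint8_t sample_ok[] = { 0xFF,0xD8, 0xFF,0xE0,0x00,0x04,0x00,0x00,
  0xFF,0xC0,0x00,0x0B,0x08, 0x01,0xE0, 0x02,0x80, 0x01,0x01,0x11,0x00 };
const uint8_t sample_big[] = { 0xFF,0xD8, 0xFF,0xE0,0x00,0x04,0x00,0x00,
  0xFF,0xC0,0x00,0x0B,0x08, 0xFF,0xFF, 0x02,0x80, 0x01,0x01,0x11,0x00 };

int main(void)
{
  unsigned w = 0, h = 0;
  printf("ok:  %d\n", jpeg_checked_dims(sample_ok, sizeof sample_ok, &w, &h));
  printf("big: %d\n", jpeg_checked_dims(sample_big, sizeof sample_big, &w, &h));
  return 0;
}
```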