mirror/aseprite
1
0
Fork 0
mirror of https://github.com/aseprite/aseprite.git synced 2025-03-26 17:37:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix crash recovering sessions from v1.2.9 or older

Browse Source 
The issue here was the missing color space was allocating an huge
std::vector() because we had an invalid color space size from
read32().
This commit is contained in:
David Capello 2020-06-05 11:59:11 -03:00
parent ae40198106
commit 2550e28c83
1 changed files with 16 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/app/crash/read_document.cpp
View File

@ -343,14 +343,18 @@ private:
}
// Read color space
gfx::ColorSpacePtr colorSpace = readColorSpace(s);
if (colorSpace)
spr->setColorSpace(colorSpace);
if (!s.eof()) {
gfx::ColorSpacePtr colorSpace = readColorSpace(s);
if (colorSpace)
spr->setColorSpace(colorSpace);
}
// Read grid bounds
gfx::Rect gridBounds = readGridBounds(s);
if (!gridBounds.isEmpty())
spr->setGridBounds(gridBounds);
if (!s.eof()) {
gfx::Rect gridBounds = readGridBounds(s);
if (!gridBounds.isEmpty())
spr->setGridBounds(gridBounds);
}
return spr.release();
}
@ -360,6 +364,12 @@ private:
const gfx::ColorSpace::Flag flags = (gfx::ColorSpace::Flag)read16(s);
const double gamma = fixmath::fixtof(read32(s));
const size_t n = read32(s);
// If the color space file is to big, it's because the sprite file
// is invalid or or from an old session without color spcae.
if (n > 1024*1024*64) // 64 MB is too much for an ICC file
return nullptr;
std::vector<uint8_t> buf(n);
if (n)
s.read((char*)&buf[0], n);