phaneron/Kelsidavis-WoWee
1
0
Fork 0
mirror of https://github.com/Kelsidavis/WoWee.git synced 2026-05-07 09:33:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

fix(assets): cap PNG override texture dimensions at 8K to prevent OOM

Browse source 
stbi_load happily decodes any PNG up to 32K x 32K — at 4 bytes/pixel
that's 4GB which OOMs the editor before the override even returns.
WoW textures top out at 4K; 8K cap leaves headroom for HD upgrades
without enabling abuse. Also widens the wxh multiplication to size_t
to defeat int overflow on 8K x 8K images.
This commit is contained in:
Kelsi 2026-05-06 06:09:13 -07:00
parent 2d8c843704
commit b5a9ce7816
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/pipeline/asset_manager.cpp
View file

@ -261,6 +261,13 @@ BLPImage AssetManager::tryLoadPngOverride(const std::string& normalizedPath) con
LOG_WARNING("PNG override exists but failed to load: ", pngPath);
return BLPImage();
}
// Cap texture dimensions. WoW textures top out at 4K; stbi can return
// 32K x 32K which would allocate 4GB on a malicious PNG.
if (w <= 0 || h <= 0 || w > 8192 || h > 8192) {
LOG_WARNING("PNG override dimensions out of range (", w, "x", h, "): ", pngPath);
stbi_image_free(pixels);
return BLPImage();
}
BLPImage image;
image.width = w;
@ -268,7 +275,7 @@ BLPImage AssetManager::tryLoadPngOverride(const std::string& normalizedPath) con
image.channels = 4;
image.format = BLPFormat::BLP2;
image.compression = BLPCompression::ARGB8888;
image.data.assign(pixels, pixels + (w * h * 4));
image.data.assign(pixels, pixels + (static_cast<size_t>(w) * h * 4));
stbi_image_free(pixels);
LOG_INFO("PNG override loaded: ", pngPath, " (", w, "x", h, ")");