From 1c2f37ede69caad5b247265566477f757a35dd21 Mon Sep 17 00:00:00 2001 From: cspark Date: Sat, 20 Jul 2024 22:09:44 +0100 Subject: [PATCH] Fix buffer overflow and properly init pixel array --- .gitignore | 3 ++- lib/bmp.c | 17 +++++++++++++---- lib/bmp.h | 1 + test.bmp | Bin 70 -> 0 bytes 4 files changed, 16 insertions(+), 5 deletions(-) delete mode 100755 test.bmp diff --git a/.gitignore b/.gitignore index f8305e7..fe2a10e 100755 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ -a.out \ No newline at end of file +a.out +*.bmp diff --git a/lib/bmp.c b/lib/bmp.c index e04a703..da45a5f 100644 --- a/lib/bmp.c +++ b/lib/bmp.c @@ -5,16 +5,20 @@ #include "bmp.h" uint32_t calc_bitmap_pixel_array_size_bytes(bitmap *bitmap_in) { - /* We will assume that the bitmap bits per pixel is always a multiple of 8 and sizeof byte is always 8 */ + /* We will assume that the bitmap bits per pixel is always a multiple of 8 and sizeof byte is always 8 bits */ uint32_t bytes_unpadded = (bitmap_in->image_width * bitmap_in->image_height * bitmap_in->bits_per_pixel) / 8; return bytes_unpadded + (bytes_unpadded % 8); /* Add padding to ensure 4 byte allignment */ }; uint32_t calc_bitmap_file_size_bytes(bitmap *bitmap_in) { - /* We will assume that the bitmap bits per pixel is always a multiple of 8 and sizeof byte is always 8 */ + /* We will assume that the bitmap bits per pixel is always a multiple of 8 and sizeof byte is always 8 bits */ return sizeof(bitmap) + calc_bitmap_pixel_array_size_bytes(bitmap_in) - 2 ; /* Take away two to account for compiler padding struct */ }; +uint32_t calc_bitmap_header_size_bytes() { + return sizeof(bitmap) - 2 ; /* Take away two to account for compiler padding struct */ +}; + bitmap init_bitmap(int32_t image_width_in, int32_t image_height_in) { bitmap new_bitmap; /* Bitmap Info Header */ @@ -44,12 +48,17 @@ bitmap init_bitmap(int32_t image_width_in, int32_t image_height_in) { int write_to_bitmap(bitmap *bitmap_in, char *filename) { int8_t write_status; + uint32_t current_byte; + uint8_t blank_byte_buffer[1] = { 0 }; uint8_t *bitmap_in_byte_ptr = (uint8_t *)bitmap_in + 2; /* Offset by two to account for padding */ int8_t fd = open(filename, O_WRONLY | O_CREAT); if (fd == -1) return -1; - /* This is writing out of bounds (bitmap < bitmap_file_size), please fix */ - write_status = write(fd, bitmap_in_byte_ptr, calc_bitmap_file_size_bytes(bitmap_in)); + /* Write Header */ + write_status = write(fd, bitmap_in_byte_ptr, calc_bitmap_header_size_bytes()); + /* Write blank pixel array */ + for (current_byte = bitmap_in->image_data_start_offset; current_byte < calc_bitmap_file_size_bytes(bitmap_in); ++current_byte) + write_status = pwrite(fd, blank_byte_buffer, 1, current_byte); if (fd == -1) { close(fd); return -1; diff --git a/lib/bmp.h b/lib/bmp.h index e67eda4..1f8570b 100644 --- a/lib/bmp.h +++ b/lib/bmp.h @@ -44,6 +44,7 @@ bitmap init_bitmap(int32_t image_width_in, int32_t image_height_in); uint32_t calc_bitmap_file_size_bytes(bitmap *bitmap_in); uint32_t calc_bitmap_pixel_array_size_bytes(bitmap *bitmap_in); +uint32_t calc_bitmap_header_size_bytes(); int write_to_bitmap(bitmap *bitmap_in, char *filename); diff --git a/test.bmp b/test.bmp deleted file mode 100755 index 8243851c2107e2545f820924c409817f06151a47..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 70 lcmZ?rbz^`4Ga#h_#7t1k$RGih5CD?G+z<>FKq45SYye#`0iFN=