Skip to content

bmp: add pixel count limit for large dimensions#28

Open
TristanInSec wants to merge 1 commit into
golang:masterfrom
TristanInSec:fix-bmp-dimension-limit
Open

bmp: add pixel count limit for large dimensions#28
TristanInSec wants to merge 1 commit into
golang:masterfrom
TristanInSec:fix-bmp-dimension-limit

Conversation

@TristanInSec
Copy link
Copy Markdown

@TristanInSec TristanInSec commented Mar 26, 2026

The BMP decoder does not validate the relationship between width and height values read from the file header. Very large dimensions can cause image.New* to panic with "huge or negative dimensions" instead of returning a proper error.

This change adds a pixel count check (int64(width)*int64(height) > 1<<30) to convert this panic into a proper error return. The limit (~1 billion pixels, ~4 GiB at 4 bytes per pixel) still permits images well beyond typical BMP usage.

This is consistent with the TIFF decoder's maxChunkSize approach for bounding allocations from untrusted input.

Change: 8 lines added to bmp/reader.go.

@TristanInSec
bmp: add pixel count limit for large dimensions
6caeaa3 
The BMP decoder does not validate the relationship between width
and height values read from the file header. Very large
dimensions can cause image.New* to panic instead of returning an
error.

Add a pixel count check (1<<30, approximately 1 billion pixels)
to convert this panic into a proper error return. This is
consistent with the TIFF decoder's maxChunkSize approach for
bounding allocations from untrusted input.
@gopherbot
Copy link
Copy Markdown
Contributor

gopherbot commented Mar 26, 2026

This PR (HEAD: 6caeaa3) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/image/+/759701.

Important tips:

  • Don't comment on this PR. All discussion takes place in Gerrit.
  • You need a Gmail or other Google account to log in to Gerrit.
  • To change your code in response to feedback:
    • Push a new commit to the branch used by your GitHub PR.
    • A new "patch set" will then appear in Gerrit.
    • Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
    • Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
    • Multiple commits in the PR will be squashed by GerritBot.
  • The title and description of the GitHub PR are used to construct the final commit message.
    • Edit these as needed via the GitHub web interface (not via Gerrit or git).
    • You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
  • See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

@gopherbot
Copy link
Copy Markdown
Contributor

gopherbot commented Mar 26, 2026

Message from Gopher Robot:

Patch Set 1:

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/759701.
After addressing review feedback, remember to publish your drafts!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@TristanInSec @gopherbot