mirror of
https://github.com/juce-framework/JUCE.git
synced 2026-01-10 23:44:24 +00:00
0223e44ae7
In CoreGraphicsPixelData::createImage, image data was copied from a BitmapData created from the Image passed into the function. The BitmapData instance didn't keep track of the size of the buffer it pointed to, so the buffer size was computed by multiplying the BitmapData height by its line stride. However, if the BitmapData pointed to a subsection of an image, the `data` pointer might be offset from the allocated region, and `data + lineStride * height` would point past the end of the allocated region. Trying to read/copy this range would cause a heap buffer overflow at the end of the range. This change adjusts BitmapData so that it keeps track of the size of the allocated region. Taking a subsection of an image should subtract the data pointer offset from the size of the allocated region. |
||
|---|---|---|
| .. | ||
| accessibility | ||
| java/app/com/rmsl/juce | ||
| javaopt/app/com/rmsl/juce | ||
| x11 | ||
| juce_android_ContentSharer.cpp | ||
| juce_android_FileChooser.cpp | ||
| juce_android_Windowing.cpp | ||
| juce_common_MimeTypes.cpp | ||
| juce_ios_ContentSharer.cpp | ||
| juce_ios_FileChooser.mm | ||
| juce_ios_UIViewComponentPeer.mm | ||
| juce_ios_Windowing.mm | ||
| juce_linux_FileChooser.cpp | ||
| juce_linux_Windowing.cpp | ||
| juce_mac_FileChooser.mm | ||
| juce_mac_MainMenu.mm | ||
| juce_mac_MouseCursor.mm | ||
| juce_mac_NSViewComponentPeer.mm | ||
| juce_mac_Windowing.mm | ||
| juce_MultiTouchMapper.h | ||
| juce_ScopedDPIAwarenessDisabler.h | ||
| juce_win32_DragAndDrop.cpp | ||
| juce_win32_FileChooser.cpp | ||
| juce_win32_ScopedThreadDPIAwarenessSetter.h | ||
| juce_win32_Windowing.cpp | ||