fileformat/resource_table: add more checks to icon resource processing.

This fixes and prevents segfaults in PE icon resource parsing and hash
computation. This fixes internal issue ODIN-109.

Author: PeterMatula

include/retdec/fileformat/types/resource_table/bitmap_image.h

@@ -19,14 +19,14 @@ namespace fileformat {
 struct BitmapInformationHeader
 {
 	std::uint32_t size;                      ///< size of header (must be 40)
-	std::int32_t width;                      ///< width (signed)
-	std::int32_t height;                     ///< height (signed)
+	std::uint32_t width;                     ///< width
+	std::uint32_t height;                    ///< height
 	std::uint16_t planes;                    ///< color planes (must be 1)
 	std::uint16_t bitCount;                  ///< bpp color depth
 	std::uint32_t compression;               ///< compression
 	std::uint32_t bitmapSize;                ///< size of bitmap
-	std::int32_t horizontalRes;              ///< horizontal resolution (signed, hint for BMP reader)
-	std::int32_t verticalRes;                ///< vertical resolution (signed, hint for BMP reader)
+	std::uint32_t horizontalRes;             ///< horizontal resolution (hint for BMP reader)
+	std::uint32_t verticalRes;               ///< vertical resolution (hint for BMP reader)
 	std::uint32_t colorsUsed;                ///< number of colors in the image
 	std::uint32_t colorImportant;            ///< minimal number of important colors (generaly ignored)
 

src/fileformat/types/resource_table/bitmap_image.cpp

@@ -120,14 +120,14 @@ bool BitmapImage::parseDibHeader(const ResourceIcon &icon, struct BitmapInformat
 
 	std::size_t offset = 0;
 	res.size = *reinterpret_cast<uint32_t *>(&bytes.data()[offset]); offset += sizeof(res.size);
-	res.width = *reinterpret_cast<int32_t *>(&bytes.data()[offset]); offset += sizeof(res.width);
-	res.height = *reinterpret_cast<int32_t *>(&bytes.data()[offset]); offset += sizeof(res.height);
+	res.width = *reinterpret_cast<uint32_t *>(&bytes.data()[offset]); offset += sizeof(res.width);
+	res.height = *reinterpret_cast<uint32_t *>(&bytes.data()[offset]); offset += sizeof(res.height);
 	res.planes = *reinterpret_cast<uint16_t *>(&bytes.data()[offset]); offset += sizeof(res.planes);
 	res.bitCount = *reinterpret_cast<uint16_t *>(&bytes.data()[offset]); offset += sizeof(res.bitCount);
 	res.compression = *reinterpret_cast<uint32_t *>(&bytes.data()[offset]); offset += sizeof(res.compression);
 	res.bitmapSize = *reinterpret_cast<uint32_t *>(&bytes.data()[offset]); offset += sizeof(res.bitmapSize);
-	res.horizontalRes = *reinterpret_cast<int32_t *>(&bytes.data()[offset]); offset += sizeof(res.horizontalRes);
-	res.verticalRes = *reinterpret_cast<int32_t *>(&bytes.data()[offset]); offset += sizeof(res.verticalRes);
+	res.horizontalRes = *reinterpret_cast<uint32_t *>(&bytes.data()[offset]); offset += sizeof(res.horizontalRes);
+	res.verticalRes = *reinterpret_cast<uint32_t *>(&bytes.data()[offset]); offset += sizeof(res.verticalRes);
 	res.colorsUsed = *reinterpret_cast<uint32_t *>(&bytes.data()[offset]); offset += sizeof(res.colorsUsed);
 	res.colorImportant = *reinterpret_cast<uint32_t *>(&bytes.data()[offset]); offset += sizeof(res.colorImportant);
 
@@ -147,7 +147,8 @@ bool BitmapImage::parseDibHeader(const ResourceIcon &icon, struct BitmapInformat
 	}
 
 	if (res.size != res.headerSize() || res.planes != 1 || res.compression != 0 ||
-		res.width * 2 != res.height || res.width > 512 || res.bitCount > 32)
+		res.width * 2 != res.height || res.width > 512 || res.height > 1024 ||
+		res.bitCount > 32)
 	{
 		return false;
 	}
@@ -209,6 +210,11 @@ bool BitmapImage::parseDib1Data(const ResourceIcon &icon, const struct BitmapInf
 		{
 			for (std::size_t i = 0; i < 8; i++)
 			{
+				if (bytes.size() <= offset)
+				{
+					return false;
+				}
+
 				auto bit = (bytes[offset] & (0x01 << (7 - i)));
 				auto index = (bit == 0) ? 0 : 1;
 				row.push_back(palette[index]);
@@ -223,6 +229,11 @@ bool BitmapImage::parseDib1Data(const ResourceIcon &icon, const struct BitmapInf
 		{
 			for (std::size_t i = 0; i < rest; i++)
 			{
+				if (bytes.size() <= offset)
+				{
+					return false;
+				}
+
 				auto index = !!(bytes[offset] & (0x01 << (7 - i)));
 				row.push_back(palette[index]);
 			}
@@ -289,13 +300,23 @@ bool BitmapImage::parseDib4Data(const ResourceIcon &icon, const struct BitmapInf
 
 		for (std::size_t j = 0; j < nColumns / 2; j++)
 		{
+			if (bytes.size() <= offset)
+			{
+				return false;
+			}
+
 			row.push_back(palette[bytes[offset] >> 4]);
 			row.push_back(palette[bytes[offset] & 0x0F]);
 			offset++;
 		}
 
 		if (nColumns % 2)
 		{
+			if (bytes.size() <= offset)
+			{
+				return false;
+			}
+
 			row.push_back(palette[bytes[offset] >> 4]);
 			offset++;
 		}
@@ -360,6 +381,11 @@ bool BitmapImage::parseDib8Data(const ResourceIcon &icon, const struct BitmapInf
 
 		for (std::size_t j = 0; j < nColumns; j++)
 		{
+			if (bytes.size() <= offset)
+			{
+				return false;
+			}
+
 			row.push_back(palette[bytes[offset]]);
 			offset += bytesPP;
 		}
@@ -409,6 +435,11 @@ bool BitmapImage::parseDib24Data(const ResourceIcon &icon, const struct BitmapIn
 
 		for (std::size_t j = 0; j < nColumns; j++)
 		{
+			if (bytes.size() <= (offset+2))
+			{
+				return false;
+			}
+
 			row.emplace_back(bytes[offset + 2], bytes[offset + 1], bytes[offset], 0xFF);
 			offset += bytesPP;
 		}
@@ -457,6 +488,11 @@ bool BitmapImage::parseDib32Data(const ResourceIcon &icon, const struct BitmapIn
 
 		for (std::size_t j = 0; j < nColumns; j++)
 		{
+			if (bytes.size() <= (offset+3))
+			{
+				return false;
+			}
+
 			row.emplace_back(bytes[offset + 2], bytes[offset + 1], bytes[offset], bytes[offset + 3]);
 			offset += bytesPP;
 		}
@@ -488,6 +524,11 @@ bool BitmapImage::parseDibPalette(const ResourceIcon &icon, std::vector<struct B
 
 	for (std::uint32_t i = 0; i < nBytes; i += 4)
 	{
+		if (bytes.size() <= (i+3))
+		{
+			return false;
+		}
+
 		palette.emplace_back(bytes[i + 2], bytes[i + 1], bytes[i], bytes[i + 3]);
 	}