fix(libs): fix possible buffer underflow caused by extension matching (#3250)

Signed-off-by: pengyiqiang <pengyiqiang@xiaomi.com>

Co-authored-by: pengyiqiang <pengyiqiang@xiaomi.com>

src/extra/libs/bmp/lv_bmp.c

@@ -79,7 +79,7 @@ static lv_res_t decoder_info(lv_img_decoder_t * decoder, const void * src, lv_im
     /*If it's a BMP file...*/
     if(src_type == LV_IMG_SRC_FILE) {
         const char * fn = src;
-        if(!strcmp(&fn[strlen(fn) - 3], "bmp")) {              /*Check the extension*/
+        if(strcmp(lv_fs_get_ext(fn), "bmp") == 0) {              /*Check the extension*/
             /*Save the data in the header*/
             lv_fs_file_t f;
             lv_fs_res_t res = lv_fs_open(&f, src, LV_FS_MODE_RD);
@@ -129,7 +129,9 @@ static lv_res_t decoder_open(lv_img_decoder_t * decoder, lv_img_decoder_dsc_t *
     if(dsc->src_type == LV_IMG_SRC_FILE) {
         const char * fn = dsc->src;
 
-        if(strcmp(&fn[strlen(fn) - 3], "bmp")) return LV_RES_INV;       /*Check the extension*/
+        if(strcmp(lv_fs_get_ext(fn), "bmp") != 0) {
+            return LV_RES_INV;       /*Check the extension*/
+        }
 
         bmp_dsc_t b;
         memset(&b, 0x00, sizeof(b));

src/extra/libs/png/lv_png.c

@@ -70,7 +70,7 @@ static lv_res_t decoder_info(struct _lv_img_decoder_t * decoder, const void * sr
     /*If it's a PNG file...*/
     if(src_type == LV_IMG_SRC_FILE) {
         const char * fn = src;
-        if(!strcmp(&fn[strlen(fn) - 3], "png")) {              /*Check the extension*/
+        if(strcmp(lv_fs_get_ext(fn), "png") == 0) {              /*Check the extension*/
 
             /* Read the width and height from the file. They have a constant location:
              * [16..23]: width
@@ -134,8 +134,7 @@ static lv_res_t decoder_open(lv_img_decoder_t * decoder, lv_img_decoder_dsc_t *
     /*If it's a PNG file...*/
     if(dsc->src_type == LV_IMG_SRC_FILE) {
         const char * fn = dsc->src;
-
+        if(strcmp(lv_fs_get_ext(fn), "png") == 0) {              /*Check the extension*/
-        if(!strcmp(&fn[strlen(fn) - 3], "png")) {              /*Check the extension*/
 
             /*Load the PNG file into buffer. It's still compressed (not decoded)*/
             unsigned char * png_data;      /*Pointer to the loaded data. Same as the original file just loaded into the RAM*/

src/extra/libs/sjpg/lv_sjpg.c

@@ -211,7 +211,7 @@ end:
     }
     else if(src_type == LV_IMG_SRC_FILE) {
         const char * fn = src;
-        if(!strcmp(&fn[strlen(fn) - 5], ".sjpg")) {
+        if(strcmp(lv_fs_get_ext(fn), "sjpg") == 0) {
 
             uint8_t buff[22];
             memset(buff, 0, sizeof(buff));
@@ -246,7 +246,7 @@ end:
 
             }
         }
-        else if(!strcmp(&fn[strlen(fn) - 4], ".jpg")) {
+        else if(strcmp(lv_fs_get_ext(fn), "jpg") == 0) {
             lv_fs_file_t file;
             lv_fs_res_t res = lv_fs_open(&file, fn, LV_FS_MODE_RD);
             if(res != LV_FS_RES_OK) return 78;
@@ -503,7 +503,7 @@ end:
         const char * fn = dsc->src;
         uint8_t * data;
 
-        if(!strcmp(&fn[strlen(fn) - 5], ".sjpg")) {
+        if(strcmp(lv_fs_get_ext(fn), "sjpg") == 0) {
 
             uint8_t buff[22];
             memset(buff, 0, sizeof(buff));
@@ -606,7 +606,7 @@ end:
                 return LV_RES_OK;
             }
         }
-        else if(!strcmp(&fn[strlen(fn) - 4], ".jpg")) {
+        else if(strcmp(lv_fs_get_ext(fn), "jpg") == 0) {
 
             lv_fs_file_t lv_file;
             lv_fs_res_t res = lv_fs_open(&lv_file, fn, LV_FS_MODE_RD);