[libpng16] Check for integer overflow in contrib/visupng.

2025-07-10 18:04:09 +02:00 · 2017-04-23 17:33:10 -05:00
parent 0808d75851
commit 170a44b222
4 changed files with 17 additions and 3 deletions
--- a/contrib/visupng/VisualPng.c
+++ b/contrib/visupng/VisualPng.c
@@ -726,6 +726,10 @@ BOOL DisplayImage (HWND hwnd, BYTE **ppDib,
        pDib = NULL;
    }

+    if (cyWinSize > ((size_t)(-1))/wDIRowBytes) {
+    {
+        MessageBox (hwnd, TEXT ("Visual PNG: image is too big");
+    }
    if (!(pDib = (BYTE *) malloc (sizeof(BITMAPINFOHEADER) +
        wDIRowBytes * cyWinSize)))
    {
@@ -847,6 +851,10 @@ BOOL FillBitmap (
            cxImgPos = (cxWinSize - cxNewSize) / 2;
        }

+        if (cyNewSize > ((size_t)(-1))/(cImgChannels * cxNewSize)) {
+        {
+            MessageBox (hwnd, TEXT ("Visual PNG: stretched image is too big");
+        }
        pStretchedImage = malloc (cImgChannels * cxNewSize * cyNewSize);
        pImg = pStretchedImage;