mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[libpng16] Document need to check for integer overflow when allocating a pixel

Browse Source 
buffer for multiple rows in contrib/gregbook, contrib/pngminus, example.c, and
in the manual (suggested by Jaeseung Choi).
This commit is contained in:
Glenn Randers-Pehrson
2017-04-22 15:21:58 -05:00
parent 13370c536c
commit 53f22aed41
13 changed files with 118 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
contrib/gregbook/readppm.c
View File

@@ -154,12 +154,17 @@ uch *readpng_get_image(double display_exponent, int *pChannels, ulg *pRowbytes)
*pRowbytes = rowbytes = channels*width;
*pChannels = channels;
if ((image_data = (uch *)malloc(rowbytes*height)) == NULL) {
Trace((stderr, "readpng_get_image: rowbytes = %ld, height = %ld\n", rowbytes, height));
/* Guard against integer overflow */
if (height > ((size_t)(-1))/rowbytes) {
fprintf(stderr, PROGNAME ": image_data buffer would be too large\n",
return NULL;
}
Trace((stderr, "readpng_get_image: rowbytes = %ld, height = %ld\n", rowbytes, height));
if ((image_data = (uch *)malloc(rowbytes*height)) == NULL) {
return NULL;
}
/* now we can go ahead and just read the whole image */