[libpng16] Document need to check for integer overflow when allocating a pixel

buffer for multiple rows in contrib/gregbook, contrib/pngminus, example.c, and
in the manual (suggested by Jaeseung Choi).
Glenn Randers-Pehrson
2017-04-22 15:21:58 -05:00
parent 13370c536c
commit 53f22aed41
13 changed files with 118 additions and 18 deletions


@@ -496,6 +496,12 @@ static int rpng_win_create_window(HINSTANCE hInst, int showmode)
wimage_rowbytes = ((3*image_width + 3L) >> 2) << 2;
/* Guard against integer overflow */
if (image_height > ((size_t)(-1))/wimage_rowbytes) {
fprintf(stderr, PROGNAME ": image_data buffer would be too large\n",
return 4; /* fail */
}
if (!(dib = (uch *)malloc(sizeof(BITMAPINFOHEADER) +
wimage_rowbytes*image_height)))
{
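Review bot: the overflow guard `if (image_height > ((size_t)(-1))/wimage_rowbytes)` bounds only the product `wimage_rowbytes*image_height`, but the `malloc` that follows requests `sizeof(BITMAPINFOHEADER) + wimage_rowbytes*image_height`, so a product just under the limit can still wrap once the header size is added. Subtract `sizeof(BITMAPINFOHEADER)` from `(size_t)(-1)` before dividing so the check covers the full allocation size. The guard also divides by `wimage_rowbytes` without anything in this hunk showing it is nonzero, and the `3*image_width + 3L` computation on the line above is itself unchecked, so the value being tested may already have wrapped. Separately, the added `fprintf(stderr, PROGNAME ": image_data buffer would be too large\n",` line ends in a comma with no closing `);`, so as shown it will not compile.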