mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[libpng16] Document need to check for integer overflow when allocating a pixel

Browse Source 
buffer for multiple rows in contrib/gregbook, contrib/pngminus, example.c, and
in the manual (suggested by Jaeseung Choi).
This commit is contained in:
Glenn Randers-Pehrson
2017-04-22 15:21:58 -05:00
parent 13370c536c
commit 53f22aed41
13 changed files with 118 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
contrib/gregbook/wpng.c
View File

@@ -702,7 +702,17 @@ int main(int argc, char **argv)
if (wpng_info.interlaced) {
long i;
ulg bytes;
ulg image_bytes = rowbytes * wpng_info.height; /* overflow? */
ulg image_bytes;
/* Guard against integer overflow */
if (wpng_info_height > ((size_t)(-1)/rowbytes) {
fprintf(stderr, PROGNAME ": image_data buffer too large\n");
writepng_cleanup(&wpng_info);
wpng_cleanup();
exit(5);
}
image_bytes = rowbytes * wpng_info.height; /* overflow? */
wpng_info.image_data = (uch *)malloc(image_bytes);
wpng_info.row_pointers = (uch **)malloc(wpng_info.height*sizeof(uch *));