From 7139f3cf7c8bc576bea1dbd07c58ce1ad92b774a Mon Sep 17 00:00:00 2001
From: Matthias Kramm <kramm@quiss.org>
Date: Wed, 26 Apr 2017 09:02:20 -0700
Subject: [PATCH] Fix an integer overflow issue in png.c
This aims to fix https://github.com/matthiaskramm/swftools/issues/13
---
lib/png.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/png.c b/lib/png.c
index 66eebb44..44a4b425 100644
--- a/lib/png.c
+++ b/lib/png.c
@@ -575,8 +575,12 @@ EXPORT int png_load(const char*sname, unsigned*destwidth, unsigned*destheight, u
*destwidth = header.width;
*destheight = header.height;
-
- data2 = (unsigned char*)malloc(header.width*header.height*4);
+
+ unsigned long long alloclen_64 = (unsigned long long)header.width * header.height * 4;
+ if (alloclen_64 > 0xffffffffl) {
+ return 0;
+ }
+ data2 = (unsigned char*)malloc((size_t)alloclen_64);
if(header.mode == 4)
{
--
2.12.2
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
343d569428081b82d8a748abe059a14b
>
files
>
1
