From 7139f3cf7c8bc576bea1dbd07c58ce1ad92b774a Mon Sep 17 00:00:00 2001 From: Matthias Kramm <kramm@quiss.org> Date: Wed, 26 Apr 2017 09:02:20 -0700 Subject: [PATCH] Fix an integer overflow issue in png.c This aims to fix https://github.com/matthiaskramm/swftools/issues/13 --- lib/png.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/png.c b/lib/png.c index 66eebb44..44a4b425 100644 --- a/lib/png.c +++ b/lib/png.c @@ -575,8 +575,12 @@ EXPORT int png_load(const char*sname, unsigned*destwidth, unsigned*destheight, u *destwidth = header.width; *destheight = header.height; - - data2 = (unsigned char*)malloc(header.width*header.height*4); + + unsigned long long alloclen_64 = (unsigned long long)header.width * header.height * 4; + if (alloclen_64 > 0xffffffffl) { + return 0; + } + data2 = (unsigned char*)malloc((size_t)alloclen_64); if(header.mode == 4) { -- 2.12.2