From c3cf674cb444696a36f720f785878b41225af063 Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Fri, 30 Sep 2016 17:37:00 +0200
Subject: [PATCH] Fix overflow checks

We check for the proper sizeofs and add the additional sx*sy check for gdImageCreate(), which serves as a quick check for totally oversized images.
---
 src/gd.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/gd.c b/src/gd.c
index 612e498a..2265efe7 100644
--- a/src/gd.c
+++ b/src/gd.c
@@ -192,7 +192,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreate (int sx, int sy)
 if (overflow2(sizeof (unsigned char *), sy)) {
 return NULL;
 }
- if (overflow2(sizeof (unsigned char *), sx)) {
+ if (overflow2(sizeof (unsigned char), sx)) {
 return NULL;
 }
@@ -296,12 +296,10 @@ BGD_DECLARE(gdImagePtr) gdImageCreateTrueColor (int sx, int sy)
 if (overflow2(sx, sy)) {
 return NULL;
 }
-
 if (overflow2(sizeof (int *), sy)) {
 return 0;
 }
-
- if (overflow2(sizeof(int *), sx)) {
+ if (overflow2(sizeof(int), sx)) {
 return NULL;
 }
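Review bot: In gdImageCreate the corrected check `overflow2(sizeof (unsigned char), sx)` multiplies by a size that is 1 by definition, so it can only reject on whatever overflow2 does for sx alone (presumably non-positive values), and a later reader may take it for dead code and remove it. A one-line comment above it would make the intent explicit, for example `/* each row holds sx elements of unsigned char; keep in step with the row allocation */`. The commit message also describes an added sx*sy check for gdImageCreate() that does not appear in this hunk, and the diffstat counts 5 insertions against the 2 visible here, so a hunk is probably missing from this page; it is worth confirming that an `overflow2(sx, sy)` guard really precedes these two checks. The function body starts and continues outside the hunk, so the allocation sizes these checks guard could not be compared from here.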
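Review bot: The sy check kept as context in gdImageCreateTrueColor still ends in `return 0;`, while the sx*sy check above it and the corrected sx check below it use `return NULL;`. Since the commit already edits the lines on both sides, that line should become `return NULL;` so all three failure paths read the same for a pointer-returning function. A short comment over the three checks naming what each one bounds (total pixel count, the array of sy row pointers, one row of sx ints) would also help, because the pointer-size versus element-size mix-up fixed here is easy to reintroduce. The allocations are outside the hunk, so whether each check matches its allocation expression is not verifiable from this page.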