tabe  committed 556ee52

check integer overflows.

  • Parent commits 300e81e
  • Branches GD-2.0

Files changed (2)

File src/gd_nnquant.c

 	 * It alos lets us convert palette image, if one likes to reduce
 	 * a palette
 	 */
+	if (overflow2(gdImageSX(im), gdImageSY(im))
+		|| overflow2(gdImageSX(im) * gdImageSY(im), 4)) {
+		goto done;
+	}
 	rgba = (unsigned char *) gdMalloc(gdImageSX(im) * gdImageSY(im) * 4);
 	if (!rgba) {
 		goto done;
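
Review bot: The size expression gdImageSX(im) * gdImageSY(im) * 4 now appears in the second overflow2() call and again in the gdMalloc() argument, so the check and the allocation can drift apart if either is edited later. Compute the byte count once into a local after both checks pass and hand that local to gdMalloc(). The second check is only safe because || short-circuits, so the product is not evaluated unless the first overflow2() has already accepted it; a one-line comment saying so would stop someone from reordering the two conditions. Also, the new failure path shares goto done with the allocation failure, so callers cannot tell a rejected size from out-of-memory; confirm that done reports an error in both cases.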

File src/gd_tga.c

 		return -1;
 	}
 
+	if(overflow2(image_block_size, sizeof(byte))) {
+		return -1;
+	}
+
 	/*!	\brief Allocate memmory for image block
 	 *  Allocate a chunk of memory for the image block to be passed into.
 	 */
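
Review bot: In overflow2(image_block_size, sizeof(byte)) the second factor is the size of a single byte, so if byte is a one-byte type this check guards a multiplication by 1 and cannot catch a wrapped value. Any overflow would already have happened when image_block_size was computed, which is outside this hunk. Move the check to where image_block_size is derived and test its factors with overflow2() before they are multiplied, as the gd_nnquant.c change does for width, height and 4. The early return -1 mirrors the error path just above it; please confirm nothing allocated earlier in the function needs to be released at this point.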