[gimp/metadata-browser] file-gif-load: fix type overflow (CVE-2012-3481)

From: Roman Joost <romanofski src gnome org>
To: commits-list gnome org
Cc:
Subject: [gimp/metadata-browser] file-gif-load: fix type overflow (CVE-2012-3481)
Date: Thu, 13 Sep 2012 00:31:09 +0000 (UTC)

commit 861021c91ba6c7077d126b098cbb67e4181abe9e
Author: Nils Philippsen <nils redhat com>
Date:   Tue Aug 14 15:27:39 2012 +0200

    file-gif-load: fix type overflow (CVE-2012-3481)
    
    Cast variables properly to avoid overflowing when computing how much
    memory to allocate.

 plug-ins/common/file-gif-load.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/plug-ins/common/file-gif-load.c b/plug-ins/common/file-gif-load.c
index 4287b46..0bb9bc4 100644
--- a/plug-ins/common/file-gif-load.c
+++ b/plug-ins/common/file-gif-load.c
@@ -1065,9 +1065,9 @@ ReadImage (FILE        *fd,
   }
 
   if (alpha_frame)
-    dest = (guchar *) g_malloc (len * height * (promote_to_rgb ? 4 : 2));
+    dest = (guchar *) g_malloc ((gsize)len * (gsize)height * (promote_to_rgb ? 4 : 2));
   else
-    dest = (guchar *) g_malloc (len * height);
+    dest = (guchar *) g_malloc ((gsize)len * (gsize)height);
 
 #ifdef GIFDEBUG
     g_print ("GIF: reading %d by %d%s GIF image, ncols=%d\n",

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]