[evince] Fix overflow checks in tiff backend
- From: Jason Crain <jcrain src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [evince] Fix overflow checks in tiff backend
- Date: Fri, 22 Dec 2017 02:59:50 +0000 (UTC)
commit e02fe9170ad0ac2fd46c75329c4f1d4502d4a362
Author: Jason Crain <jcrain src gnome org>
Date: Sat Dec 2 20:24:33 2017 -0600
Fix overflow checks in tiff backend
The overflow checks in tiff_document_render and
tiff_document_get_thumbnail don't work when optimizations are enabled.
Change the checks so they don't rely on undefined behavior.
https://bugzilla.gnome.org/show_bug.cgi?id=788980
backend/tiff/tiff-document.c | 12 ++++++------
1 files changed, 6 insertions(+), 6 deletions(-)
---
diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
index 8f40934..7bf95c2 100644
--- a/backend/tiff/tiff-document.c
+++ b/backend/tiff/tiff-document.c
@@ -284,12 +284,12 @@ tiff_document_render (EvDocument *document,
return NULL;
}
- bytes = height * rowstride;
- if (bytes / rowstride != height) {
+ if (height >= INT_MAX / rowstride) {
g_warning("Overflow while rendering document.");
/* overflow */
return NULL;
}
+ bytes = height * rowstride;
pixels = g_try_malloc (bytes);
if (!pixels) {
@@ -374,15 +374,15 @@ tiff_document_get_thumbnail (EvDocument *document,
if (width <= 0 || height <= 0)
return NULL;
- rowstride = width * 4;
- if (rowstride / 4 != width)
+ if (width >= INT_MAX / 4)
/* overflow */
return NULL;
+ rowstride = width * 4;
- bytes = height * rowstride;
- if (bytes / rowstride != height)
+ if (height >= INT_MAX / rowstride)
/* overflow */
return NULL;
+ bytes = height * rowstride;
pixels = g_try_malloc (bytes);
if (!pixels)
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
