[gdk-pixbuf] gdk-pixbuf: Fix overflow check in gdk_pixbuf_new()
- From: Philip Withnall <pwithnall src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gdk-pixbuf] gdk-pixbuf: Fix overflow check in gdk_pixbuf_new()
- Date: Tue, 7 Feb 2017 11:03:15 +0000 (UTC)
commit d579de66166d6d9130b8047cf54e61a4ae29aa6e
Author: Philip Withnall <withnall endlessm com>
Date: Mon Jan 16 10:13:48 2017 +0000
gdk-pixbuf: Fix overflow check in gdk_pixbuf_new()
The recommended way to do an overflow check is to check against the
limit you have in mind, rather than doing the calculation and seeing if
it failed.
Fix this by rearranging the check: move the variables we control (or
have previously checked) over to one side, leaving the unknown variable
on its own on the left-hand side. This ensures the overflow check
doesn’t overflow itself.
Coverity ID: 1388538
https://bugzilla.gnome.org/show_bug.cgi?id=777315
gdk-pixbuf/gdk-pixbuf.c | 11 ++++++-----
1 files changed, 6 insertions(+), 5 deletions(-)
---
diff --git a/gdk-pixbuf/gdk-pixbuf.c b/gdk-pixbuf/gdk-pixbuf.c
index 6bfaafb..d7b78e4 100644
--- a/gdk-pixbuf/gdk-pixbuf.c
+++ b/gdk-pixbuf/gdk-pixbuf.c
@@ -453,12 +453,13 @@ gdk_pixbuf_new (GdkColorspace colorspace,
g_return_val_if_fail (height > 0, NULL);
channels = has_alpha ? 4 : 3;
- rowstride = (unsigned) width * channels;
- if (rowstride / channels != width || rowstride + 3 < 0) /* overflow */
- return NULL;
-
+
+ /* Overflow? */
+ if (width > (G_MAXUINT - 3) / channels)
+ return NULL;
+
/* Always align rows to 32-bit boundaries */
- rowstride = (rowstride + 3) & ~3;
+ rowstride = (width * channels + 3) & ~3;
buf = g_try_malloc_n (height, rowstride);
if (!buf)
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]