[libgxps] gxps-images: fix integer overflow in png decoder
- From: Carlos Garcia Campos <carlosgc src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [libgxps] gxps-images: fix integer overflow in png decoder
- Date: Sat, 20 Jan 2018 06:24:58 +0000 (UTC)
commit 123dd99c6a1ae2ef6fcb5547e51fa58e8c954b51
Author: Carlos Garcia Campos <carlosgc gnome org>
Date: Fri Dec 8 11:11:38 2017 +0100
gxps-images: fix integer overflow in png decoder
libgxps/gxps-images.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
---
diff --git a/libgxps/gxps-images.c b/libgxps/gxps-images.c
index 98c7052..19cb1c0 100644
--- a/libgxps/gxps-images.c
+++ b/libgxps/gxps-images.c
@@ -286,7 +286,7 @@ gxps_images_create_from_png (GXPSArchive *zip,
}
stride = cairo_format_stride_for_width (format, png_width);
- if (stride < 0) {
+ if (stride < 0 || png_height >= INT_MAX / stride) {
fill_png_error (error, image_uri, NULL);
g_object_unref (stream);
png_destroy_read_struct (&png, &info, NULL);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
