author | Chris Wilson <chris@chris-wilson.co.uk> | 2007-10-03 23:19:10 +0100 |
---|---|---|
committer | Chris Wilson <chris@chris-wilson.co.uk> | 2007-10-04 00:42:29 +0100 |
commit | e49bcde27f88e21d5b8037a0089a226096f6514b (patch) | |
tree | 81093fdb6b2288c7338c73da2936812e3362489c /src/cairo-lzw.c | |
parent | 8cba73a36c4ec42601388bb9374f3182651bfe60 (diff) | |
download | cairo-e49bcde27f88e21d5b8037a0089a226096f6514b.tar.gz |
[malloc] Check for integer overflow when realloc'ing.
Perform similar sanity checks to Vlad's _cairo_malloc_ab() but on the
arguments to realloc instead.
Diffstat (limited to 'src/cairo-lzw.c')
-rw-r--r-- | src/cairo-lzw.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/cairo-lzw.c b/src/cairo-lzw.c
index 370d258b5..36a59fda6 100644
--- a/src/cairo-lzw.c
+++ b/src/cairo-lzw.c
@@ -93,7 +93,11 @@ _lzw_buf_grow (lzw_buf_t *buf)
 if (buf->status)
 return buf->status;
 
- new_data = realloc (buf->data, new_size);
+ new_data = NULL;
+ /* check for integer overflow */
+ if (new_size / 2 == buf->data_size)
+ new_data = realloc (buf->data, new_size);
+
 if (new_data == NULL) {
 free (buf->data);
 buf->data_size = 0; |
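Review bot: The overflow test `if (new_size / 2 == buf->data_size)` runs after the doubling has already been computed, so it is only dependable if `new_size` and `buf->data_size` are unsigned. Their declarations and the multiplication are outside this hunk. If they are signed, the overflow is undefined behaviour and an optimising compiler may assume it never happens and drop the check. Bounding the operand before multiplying avoids this, for example `if (buf->data_size <= INT_MAX / 2)` for a signed size (or `SIZE_MAX / 2` for a `size_t`), with `new_size` computed only inside that branch. The comment could also say that an overflow is deliberately routed through the same `new_data == NULL` failure path as an allocation failure, e.g. `/* on overflow leave new_data NULL so the out-of-memory path below runs */`.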