[malloc] Check for integer overflow when realloc'ing.

Perform similar sanity checks to Vlad's _cairo_malloc_ab() but on the arguments to realloc instead.
author: Chris Wilson <chris@chris-wilson.co.uk> 2007-10-03 23:19:10 +0100
committer: Chris Wilson <chris@chris-wilson.co.uk> 2007-10-04 00:42:29 +0100
commit: e49bcde27f88e21d5b8037a0089a226096f6514b (patch)
tree: 81093fdb6b2288c7338c73da2936812e3362489c /src/cairo-lzw.c
parent: 8cba73a36c4ec42601388bb9374f3182651bfe60 (diff)
download: cairo-e49bcde27f88e21d5b8037a0089a226096f6514b.tar.gz
1 files changed, 5 insertions, 1 deletions
diff --git a/src/cairo-lzw.c b/src/cairo-lzw.c
index 370d258b5..36a59fda6 100644
--- a/src/cairo-lzw.c
+++ b/src/cairo-lzw.c
@@ -93,7 +93,11 @@ _lzw_buf_grow (lzw_buf_t *buf)
     if (buf->status)
 	return buf->status;
 
-    new_data = realloc (buf->data, new_size);
+    new_data = NULL;
+    /* check for integer overflow */
+    if (new_size / 2 == buf->data_size)
+	new_data = realloc (buf->data, new_size);
+
     if (new_data == NULL) {
 	free (buf->data);
 	buf->data_size = 0;
author	Chris Wilson <chris@chris-wilson.co.uk>	2007-10-03 23:19:10 +0100
committer	Chris Wilson <chris@chris-wilson.co.uk>	2007-10-04 00:42:29 +0100
commit	e49bcde27f88e21d5b8037a0089a226096f6514b (patch)
tree	81093fdb6b2288c7338c73da2936812e3362489c /src/cairo-lzw.c
parent	8cba73a36c4ec42601388bb9374f3182651bfe60 (diff)
download	cairo-e49bcde27f88e21d5b8037a0089a226096f6514b.tar.gz