diff options
author | Philip Withnall <withnall@endlessm.com> | 2017-01-16 10:13:48 +0000 |
---|---|---|
committer | Philip Withnall <withnall@endlessm.com> | 2017-02-07 10:54:43 +0000 |
commit | d579de66166d6d9130b8047cf54e61a4ae29aa6e (patch) | |
tree | a89064df201de2a8058f4336ad60acaa5962f94a /gdk-pixbuf | |
parent | ccfd2416cf4aab0d7046f465495fb589f6b0942f (diff) | |
download | gdk-pixbuf-d579de66166d6d9130b8047cf54e61a4ae29aa6e.tar.gz |
gdk-pixbuf: Fix overflow check in gdk_pixbuf_new()
The recommended way to do an overflow check is to check against the
limit you have in mind, rather than doing the calculation and seeing if
it failed.
Fix this by rearranging the check: move the variables we control (or
have previously checked) over to one side, leaving the unknown variable
on its own on the left-hand side. This ensures the overflow check
doesn’t overflow itself.
Coverity ID: 1388538
https://bugzilla.gnome.org/show_bug.cgi?id=777315
Diffstat (limited to 'gdk-pixbuf')
-rw-r--r-- | gdk-pixbuf/gdk-pixbuf.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/gdk-pixbuf/gdk-pixbuf.c b/gdk-pixbuf/gdk-pixbuf.c index 6bfaafb11..d7b78e4e2 100644 --- a/gdk-pixbuf/gdk-pixbuf.c +++ b/gdk-pixbuf/gdk-pixbuf.c @@ -453,12 +453,13 @@ gdk_pixbuf_new (GdkColorspace colorspace, g_return_val_if_fail (height > 0, NULL); channels = has_alpha ? 4 : 3; - rowstride = (unsigned) width * channels; - if (rowstride / channels != width || rowstride + 3 < 0) /* overflow */ - return NULL; - + + /* Overflow? */ + if (width > (G_MAXUINT - 3) / channels) + return NULL; + /* Always align rows to 32-bit boundaries */ - rowstride = (rowstride + 3) & ~3; + rowstride = (width * channels + 3) & ~3; buf = g_try_malloc_n (height, rowstride); if (!buf) |