authorMike Frysinger <vapier@gentoo.org>2018-01-26 02:13:26 -0500
committerMike Frysinger <vapier@gentoo.org>2018-01-26 02:13:26 -0500
commitb402909c4244fc34402292910fb2bacb3289f6e6 (patch)
tree7e25dcab39af9957730069c9b624ada42c669158 /src/gd_tga.c
parent9fa3abd2e61da18ed2b889704e4e252f0f5a95fe (diff)
tga: delay calculation to avoid undefined behavior
oss-fuzz pointed out:
gd_tga.c:209:52: runtime error: signed integer overflow: 838848000 * 3 cannot be represented in type 'int'
This is somewhat of a false positive, as we already have overflow checks after this assignment, but we can delay the code until afterwards to avoid warnings.
Diffstat (limited to 'src/gd_tga.c')
-rw-r--r--src/gd_tga.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/gd_tga.c b/src/gd_tga.c
index f80f0b1..cae9428 100644
--- a/src/gd_tga.c
+++ b/src/gd_tga.c
@@ -206,7 +206,7 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
int read_image_tga( gdIOCtx *ctx, oTga *tga )
{
int pixel_block_size = (tga->bits / 8);
- int image_block_size = (tga->width * tga->height) * pixel_block_size;
+ int image_block_size;
int* decompression_buffer = NULL;
unsigned char* conversion_buffer = NULL;
int buffer_caret = 0;
@@ -223,6 +223,7 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
return -1;
}
+ image_block_size = (tga->width * tga->height) * pixel_block_size;
if(overflow2(image_block_size, sizeof(int))) {
return -1;
}
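Review bot: The moved assignment `image_block_size = (tga->width * tga->height) * pixel_block_size;` is still evaluated in `int`, so it is well defined only because of the checks that now run before it, and those checks sit outside this hunk (only their trailing `return -1; }` is visible). Nothing in the code records that ordering requirement, so a later cleanup could fold the expression back into the declaration and reintroduce the signed overflow. I would add a comment directly above the assignment, for example `/* Must stay after the overflow checks above: this product is formed in int and is undefined if it overflows. */`. Because the first hunk now leaves `image_block_size` without an initializer, it is also worth confirming that nothing between the declaration and this line reads it; those lines are not shown here. The body of read_image_tga continues past the end of the hunk.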