diff options
author | Mike Frysinger <vapier@gentoo.org> | 2018-01-26 02:13:26 -0500 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2018-01-26 02:13:26 -0500 |
commit | b402909c4244fc34402292910fb2bacb3289f6e6 (patch) | |
tree | 7e25dcab39af9957730069c9b624ada42c669158 /src/gd_tga.c | |
parent | 9fa3abd2e61da18ed2b889704e4e252f0f5a95fe (diff) | |
download | libgd-b402909c4244fc34402292910fb2bacb3289f6e6.tar.gz |
tga: delay calculation to avoid undefined behavior
oss-fuzz pointed out:
gd_tga.c:209:52: runtime error: signed integer overflow: 838848000 * 3 cannot be represented in type 'int'
This is somewhat of a false positive as we already have overflow checks
after this assignment, but we can delay the code until afterwards to
avoid warnings.
Diffstat (limited to 'src/gd_tga.c')
-rw-r--r-- | src/gd_tga.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/gd_tga.c b/src/gd_tga.c index f80f0b1..cae9428 100644 --- a/src/gd_tga.c +++ b/src/gd_tga.c @@ -206,7 +206,7 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga) int read_image_tga( gdIOCtx *ctx, oTga *tga ) { int pixel_block_size = (tga->bits / 8); - int image_block_size = (tga->width * tga->height) * pixel_block_size; + int image_block_size; int* decompression_buffer = NULL; unsigned char* conversion_buffer = NULL; int buffer_caret = 0; @@ -223,6 +223,7 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga ) return -1; } + image_block_size = (tga->width * tga->height) * pixel_block_size; if(overflow2(image_block_size, sizeof(int))) { return -1; } |