libgd
/
libgd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tga: delay calculation to avoid undefined behavior 

oss-fuzz pointed out:
gd_tga.c:209:52: runtime error: signed integer overflow: 838848000 * 3 cannot be represented in type 'int'

This is somewhat of a false positive as we already have overflow checks
after this assignment, but we can delay the code until afterwards to
avoid warnings.
master
Mike Frysinger 2018-01-26 02:13:26 -05:00
parent 9fa3abd2e6
commit b402909c42
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/gd_tga.c
View File

@ -206,7 +206,7 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
int read_image_tga( gdIOCtx *ctx, oTga *tga )
{
int pixel_block_size = (tga->bits / 8);
int image_block_size = (tga->width * tga->height) * pixel_block_size;
int image_block_size;
int* decompression_buffer = NULL;
unsigned char* conversion_buffer = NULL;
int buffer_caret = 0;
@ -223,6 +223,7 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
return -1;
}
image_block_size = (tga->width * tga->height) * pixel_block_size;
if(overflow2(image_block_size, sizeof(int))) {
return -1;
}