tga: delay calculation to avoid undefined behavior
oss-fuzz pointed out:

    gd_tga.c:209:52: runtime error: signed integer overflow: 838848000 * 3 cannot be represented in type 'int'

This is somewhat of a false positive, as we already have overflow checks after this assignment, but we can delay the calculation until after those checks to avoid the warning.
master
parent
9fa3abd2e6
commit
b402909c42
|
@ -206,7 +206,7 @@ int read_header_tga(gdIOCtx *ctx, oTga *tga)
|
|||
int read_image_tga( gdIOCtx *ctx, oTga *tga )
|
||||
{
|
||||
int pixel_block_size = (tga->bits / 8);
|
||||
int image_block_size = (tga->width * tga->height) * pixel_block_size;
|
||||
int image_block_size;
|
||||
int* decompression_buffer = NULL;
|
||||
unsigned char* conversion_buffer = NULL;
|
||||
int buffer_caret = 0;
|
||||
|
@ -223,6 +223,7 @@ int read_image_tga( gdIOCtx *ctx, oTga *tga )
|
|||
return -1;
|
||||
}
|
||||
|
||||
image_block_size = (tga->width * tga->height) * pixel_block_size;
|
||||
if(overflow2(image_block_size, sizeof(int))) {
|
||||
return -1;
|
||||
}
|
||||
|
|
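Review bot: The relocated `image_block_size = (tga->width * tga->height) * pixel_block_size;` in the second hunk is still evaluated in `int`, so it avoids signed overflow only if the guards ending just above it reject both `width * height` and that product times `pixel_block_size`; only their `return -1; }` tail is visible here. I would state that dependency next to the assignment, e.g. `/* must stay below the overflow2() checks on width*height and on pixel_block_size */`, so a later reorder does not reintroduce the undefined behaviour. Separately, `pixel_block_size = (tga->bits / 8)` is zero for any bit depth below 8, which makes `image_block_size` zero. If the header parser does not already restrict `bits` (not visible here), an explicit `if (pixel_block_size <= 0) return -1;` before the size calculation would stop a zero-sized block from reaching the rest of the function. read_image_tga continues outside both hunks.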