Fix overflow checks
We check for the proper sizeofs and add the additional sx*sy check for gdImageCreate(), which serves as a quick check for totally oversized images.
master
parent
3e8b5c5ee2
commit
c3cf674cb4
9
src/gd.c
9
src/gd.c
|
@ -185,10 +185,13 @@ BGD_DECLARE(gdImagePtr) gdImageCreate (int sx, int sy)
|
|||
int i;
|
||||
gdImagePtr im;
|
||||
|
||||
if (overflow2(sx, sy)) {
|
||||
return NULL;
|
||||
}
|
||||
if (overflow2(sizeof (unsigned char *), sy)) {
|
||||
return NULL;
|
||||
}
|
||||
if (overflow2(sizeof (unsigned char *), sx)) {
|
||||
if (overflow2(sizeof (unsigned char), sx)) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -292,12 +295,10 @@ BGD_DECLARE(gdImagePtr) gdImageCreateTrueColor (int sx, int sy)
|
|||
if (overflow2(sx, sy)) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (overflow2(sizeof (int *), sy)) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (overflow2(sizeof(int *), sx)) {
|
||||
if (overflow2(sizeof(int), sx)) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
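Review bot: Nothing in either function says which allocation each `overflow2()` guard protects, and that missing link is what allowed a pointer-sized `sizeof` to sit on the `sx` check until this fix. I would add a short comment above each group, for example `/* sy row pointers, then sx pixels per row: each guard uses the element size of the allocation it protects */`. The comment on the `overflow2(sx, sy)` guard should say that it is a sanity bound on the pixel count, as the description puts it, and not a memory limit that callers handling untrusted dimensions can rely on. In gdImageCreateTrueColor the `sizeof (int *)` guard appears to still end in `return 0;` while its neighbours use `return NULL;`, so `return NULL;` would match. Both function bodies continue past the hunks, so the allocations are not visible here and the pairing should be confirmed against them.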