libgd
/
libgd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix overflow checks 

We check for the proper sizeofs and add the additional sx*sy check for
gdImageCreate(), which serves as a quick check for totally oversized images.
master
Christoph M. Becker 2016-09-30 17:37:00 +02:00
parent 3e8b5c5ee2
commit c3cf674cb4
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/gd.c
View File

@ -185,10 +185,13 @@ BGD_DECLARE(gdImagePtr) gdImageCreate (int sx, int sy)
int i;
gdImagePtr im;
if (overflow2(sx, sy)) {
return NULL;
}
if (overflow2(sizeof (unsigned char *), sy)) {
return NULL;
}
if (overflow2(sizeof (unsigned char *), sx)) {
if (overflow2(sizeof (unsigned char), sx)) {
return NULL;
}
@ -292,12 +295,10 @@ BGD_DECLARE(gdImagePtr) gdImageCreateTrueColor (int sx, int sy)
if (overflow2(sx, sy)) {
return NULL;
}
if (overflow2(sizeof (int *), sy)) {
return 0;
}
if (overflow2(sizeof(int *), sx)) {
if (overflow2(sizeof(int), sx)) {
return NULL;
}