sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2025-12-19 02:50:25 +03:00
Code Issues Packages Projects Releases Wiki Activity

[pixbuf] Check for unsigned integer overflow on multiplication

Browse Source 
Signed-off-by: Michael Brown <mcb30@ipxe.org>
This commit is contained in:
Michael Brown
2016-03-12 00:09:23 +00:00
parent 5a6ed90a00
commit 11396473f5
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/core/pixbuf.c
View File

@@ -65,6 +65,10 @@ struct pixel_buffer * alloc_pixbuf ( unsigned int width, unsigned int height ) {
pixbuf->height = height;
pixbuf->len = ( width * height * sizeof ( uint32_t ) );
/* Check for multiplication overflow */
if ( ( ( pixbuf->len / sizeof ( uint32_t ) ) / width ) != height )
goto err_overflow;
/* Allocate pixel data buffer */
pixbuf->data = umalloc ( pixbuf->len );
if ( ! pixbuf->data )
@@ -73,6 +77,7 @@ struct pixel_buffer * alloc_pixbuf ( unsigned int width, unsigned int height ) {
return pixbuf;
err_alloc_data:
err_overflow:
pixbuf_put ( pixbuf );
err_alloc_pixbuf:
return NULL;