Bullet-proof against integer overflow.

Sat Mar 2 21:28:03 2002 Owen Taylor <otaylor@redhat.com> * gdk-pixbuf.c (gdk_pixbuf_new): Bullet-proof against integer overflow.
2002-03-03 02:35:25 +00:00 · 2002-03-03 02:35:25 +00:00 · ed5fc07f4e
commit ed5fc07f4e
parent f5b8bde792
2 changed files with 22 additions and 6 deletions
--- a/gdk-pixbuf/ChangeLog
+++ b/gdk-pixbuf/ChangeLog
@ -1,3 +1,8 @@
+Sat Mar  2 21:28:03 2002  Owen Taylor  <otaylor@redhat.com>
+
+	* gdk-pixbuf.c (gdk_pixbuf_new): Bullet-proof against integer
+	overflow.
+
 2002-03-03  Tor Lillqvist  <tml@iki.fi>

 	* gtk-pixbuf.rc.in: Remove.
@ -18,7 +23,7 @@ Wed Feb 27 18:33:04 2002  Owen Taylor  <otaylor@redhat.com>

 	* gdk-pixdata.c (gdk_pixdata_to_csource): Use {} not
 	() to group around string assigned to char[]. (#72767,
-	Tomas Ögren)
+	Tomas Ãgren)

 2002-02-21  Havoc Pennington  <hp@pobox.com>

@ -1240,7 +1245,7 @@ Wed Jun 21 16:02:48 2000  Owen Taylor  <otaylor@redhat.com>
 2000-06-05	Mathieu Lacage  <mathieu@gnome.org>

 	* configure.in: add some gtk parameters to the
-	GDK_PIXBUF_LIB²S and GDK_PIXBUG_INCLUDEDIR vars. One more
+	GDK_PIXBUF_LIBÂ²S and GDK_PIXBUG_INCLUDEDIR vars. One more
 	fight in my crusade for strange prefix compile...

 2000-05-30  Not Zed  <NotZed@HelixCode.com>
@ -1337,7 +1342,7 @@ Fri May  5 12:16:32 2000  Owen Taylor  <otaylor@redhat.com>
 	* gdk-pixbuf/Makefile.am (INCLUDES): Add $(GNOME_CFLAGS).
 	Reported by Jens Finke.

-2000-04-14 Tomasz K³opczko <kloczek@pld.org.pl>
+2000-04-14 Tomasz KÂ³opczko <kloczek@pld.org.pl>

 	* gdk-pixbuf/pixops/makefile.am: $(LIBART_CFLAGS) replaced by 
 	$(GTK_CFLAGS) - now gdk-pixbuf compiles correctly.
--- a/gdk-pixbuf/gdk-pixbuf.c
+++ b/gdk-pixbuf/gdk-pixbuf.c
@ -144,18 +144,29 @@ gdk_pixbuf_new (GdkColorspace colorspace, gboolean has_alpha, int bits_per_sampl
 	guchar *buf;
 	int channels;
 	int rowstride;
+        gsize bytes;

 	g_return_val_if_fail (colorspace == GDK_COLORSPACE_RGB, NULL);
 	g_return_val_if_fail (bits_per_sample == 8, NULL);
 	g_return_val_if_fail (width > 0, NULL);
 	g_return_val_if_fail (height > 0, NULL);

-	/* Always align rows to 32-bit boundaries */
+        if (width <= 0 || height <= 0)
+                return NULL;

 	channels = has_alpha ? 4 : 3;
-	rowstride = 4 * ((channels * width + 3) / 4);
+        rowstride = width * channels;
+        if (rowstride / channels != width || rowstride + 3 < 0) /* overflow */
+                return NULL;
+        
+	/* Always align rows to 32-bit boundaries */
+	rowstride = (rowstride + 3) & ~3;

-	buf = g_try_malloc (height * rowstride);
+        bytes = height * rowstride;
+        if (bytes / rowstride !=  height) /* overflow */
+                return NULL;
+            
+	buf = g_try_malloc (bytes);
 	if (!buf)
 		return NULL;