mirror
/
sane-project-frontends
kopia lustrzana https://gitlab.com/sane-project/frontends
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

Merge branch '26-potential-integer-overflow-vulnerability' into 'master' 

Resolve "Potential Integer Overflow vulnerability"

Closes #26

See merge request sane-project/frontends!28
merge-requests/29/merge
Ralph Little 2025-06-06 15:40:04 -07:00
rodzic 0f59061ff2 f9d5456962
commit 6af927f272
1 zmienionych plików z 19 dodań i 2 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

21
src/preview.c
Wyświetl plik

@ -1159,11 +1159,28 @@ restore_preview_image (Preview * p)
p->image_height = height; p->image_height = height;
if ((width == 0) || (height == 0)) if ((width == 0) || (height == 0))
return; return;
p->image_data = malloc (3 * width * height);
p->preview_data = malloc (3 * width * height); int data_size = 3 * width * height;
// Overflow check.
if ((data_size / width) / height != 3)
{
// overflow occurred. Ignore the image. The dimensions are probably corrupted.
return;
}
p->image_data = malloc (data_size);
if (!p->image_data) if (!p->image_data)
return; return;
p->preview_data = malloc (data_size);
if (!p->preview_data)
{
free(p->image_data);
p->image_data = NULL;
return;
}
nread = fread (p->image_data, 3, width * height, in); nread = fread (p->image_data, 3, width * height, in);
p->image_y = nread / width; p->image_y = nread / width;