37 lines
1.5 KiB
Diff
37 lines
1.5 KiB
Diff
From 178e1ab7684c46f233082a4f15308a54c9ae5a15 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
|
|
Date: Thu, 19 Oct 2023 15:38:33 +0200
|
|
Subject: [PATCH] Add overflow checks
|
|
|
|
Fixes #1531
|
|
---
|
|
stb_image.h | 8 ++++++++
|
|
1 file changed, 8 insertions(+)
|
|
|
|
diff --git a/stb_image.h b/stb_image.h
|
|
index 5e807a0a6..aac3653ac 100644
|
|
--- a/stb_image.h
|
|
+++ b/stb_image.h
|
|
@@ -6990,6 +6990,10 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
|
|
stride = g.w * g.h * 4;
|
|
|
|
if (out) {
|
|
+ if (!stbi__mul2sizes_valid(layers, stride)) {
|
|
+ void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
|
|
+ return ret;
|
|
+ }
|
|
void *tmp = (stbi_uc*) STBI_REALLOC_SIZED( out, out_size, layers * stride );
|
|
if (!tmp)
|
|
return stbi__load_gif_main_outofmem(&g, out, delays);
|
|
@@ -7006,6 +7010,10 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
|
|
delays_size = layers * sizeof(int);
|
|
}
|
|
} else {
|
|
+ if (!stbi__mul2sizes_valid(layers, stride)) {
|
|
+ void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
|
|
+ return ret;
|
|
+ }
|
|
out = (stbi_uc*)stbi__malloc( layers * stride );
|
|
if (!out)
|
|
return stbi__load_gif_main_outofmem(&g, out, delays);
|