stb/1532.patch
2023-10-25 10:54:40 -04:00

37 lines
1.5 KiB
Diff

From 178e1ab7684c46f233082a4f15308a54c9ae5a15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= <jarlob@github.com>
Date: Thu, 19 Oct 2023 15:38:33 +0200
Subject: [PATCH] Add overflow checks
Fixes #1531
---
stb_image.h | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/stb_image.h b/stb_image.h
index 5e807a0a6..aac3653ac 100644
--- a/stb_image.h
+++ b/stb_image.h
@@ -6990,6 +6990,10 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
stride = g.w * g.h * 4;
if (out) {
+ if (!stbi__mul2sizes_valid(layers, stride)) {
+ void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
+ return ret;
+ }
void *tmp = (stbi_uc*) STBI_REALLOC_SIZED( out, out_size, layers * stride );
if (!tmp)
return stbi__load_gif_main_outofmem(&g, out, delays);
@@ -7006,6 +7010,10 @@ static void *stbi__load_gif_main(stbi__context *s, int **delays, int *x, int *y,
delays_size = layers * sizeof(int);
}
} else {
+ if (!stbi__mul2sizes_valid(layers, stride)) {
+ void *ret = stbi__load_gif_main_outofmem(&g, out, delays);
+ return ret;
+ }
out = (stbi_uc*)stbi__malloc( layers * stride );
if (!out)
return stbi__load_gif_main_outofmem(&g, out, delays);