Prevent integer overflow

author: Přemysl Janouch <p.janouch@gmail.com> 2015-02-14 08:54:42 +0100
committer: Přemysl Janouch <p.janouch@gmail.com> 2015-02-14 08:54:42 +0100
commit: 386126ffdb0c35c6db5d53dfb9e1c71a96ba3727 (patch)
tree: 83de71003244e02ed3fec9517ce53de2d6df2a72
parent: 4793e93d6954f1de2473d216a5c40c78f5f67022 (diff)
download: neetdraw-386126ffdb0c35c6db5d53dfb9e1c71a96ba3727.tar.gz
neetdraw-386126ffdb0c35c6db5d53dfb9e1c71a96ba3727.tar.xz
neetdraw-386126ffdb0c35c6db5d53dfb9e1c71a96ba3727.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/autistdraw.c b/autistdraw.c
index 2899251..45f63a5 100644
--- a/autistdraw.c
+++ b/autistdraw.c
@@ -828,7 +828,10 @@ load (app_context_t *app)
 	if (fscanf (fp, "%d %d %zu %zu", &x, &y, &w, &h) != 4)
 		goto error;
 
+	if (w && h > SIZE_MAX / w)
+		goto error;
 	size_t size = w * h;
+
 	uint8_t *bitmap = calloc (size, sizeof *bitmap);
 	if (!bitmap)
 		goto error;
author	Přemysl Janouch <p.janouch@gmail.com>	2015-02-14 08:54:42 +0100
committer	Přemysl Janouch <p.janouch@gmail.com>	2015-02-14 08:54:42 +0100
commit	386126ffdb0c35c6db5d53dfb9e1c71a96ba3727 (patch)
tree	83de71003244e02ed3fec9517ce53de2d6df2a72
parent	4793e93d6954f1de2473d216a5c40c78f5f67022 (diff)
download	neetdraw-386126ffdb0c35c6db5d53dfb9e1c71a96ba3727.tar.gz neetdraw-386126ffdb0c35c6db5d53dfb9e1c71a96ba3727.tar.xz neetdraw-386126ffdb0c35c6db5d53dfb9e1c71a96ba3727.zip