From 386126ffdb0c35c6db5d53dfb9e1c71a96ba3727 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Janouch?= <p.janouch@gmail.com>
Date: Sat, 14 Feb 2015 08:54:42 +0100
Subject: Prevent integer overflow

---
 autistdraw.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/autistdraw.c b/autistdraw.c
index 2899251..45f63a5 100644
--- a/autistdraw.c
+++ b/autistdraw.c
@@ -828,7 +828,10 @@ load (app_context_t *app)
 	if (fscanf (fp, "%d %d %zu %zu", &x, &y, &w, &h) != 4)
 		goto error;
 
+	if (w && h > SIZE_MAX / w)
+		goto error;
 	size_t size = w * h;
+
 	uint8_t *bitmap = calloc (size, sizeof *bitmap);
 	if (!bitmap)
 		goto error;
-- 
cgit v1.2.3