Skip to content

Commit

Permalink
fix integer overflow in Resample.c
Browse files Browse the repository at this point in the history
  • Loading branch information
nedwill authored and wiredfool committed Feb 4, 2016
1 parent bdd86b7 commit 4e0d9b0
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions libImaging/Resample.c
Original file line number Diff line number Diff line change
Expand Up @@ -138,11 +138,23 @@ ImagingResampleHorizontal(Imaging imIn, int xsize, int filter)
/* maximum number of coofs */
kmax = (int) ceil(support) * 2 + 1;

// check for overflow
if (kmax > 0 && xsize > SIZE_MAX / kmax)
return (Imaging) ImagingError_MemoryError();

// sizeof(float) should be greater than 0
if (xsize * kmax > SIZE_MAX / sizeof(float))
return (Imaging) ImagingError_MemoryError();

/* coefficient buffer */
kk = malloc(xsize * kmax * sizeof(float));
if ( ! kk)
return (Imaging) ImagingError_MemoryError();

// sizeof(int) should be greater than 0 as well
if (xsize > SIZE_MAX / (2 * sizeof(int)))
return (Imaging) ImagingError_MemoryError();

xbounds = malloc(xsize * 2 * sizeof(int));
if ( ! xbounds) {
free(kk);
Expand Down

0 comments on commit 4e0d9b0

Please # to comment.