From 2d571bd89f9e50f0b17dce378cc12c98e9210719 Mon Sep 17 00:00:00 2001
From: Pascal Massimino <pascal.massimino@gmail.com>
Date: Mon, 16 Jul 2012 19:15:00 -0700
Subject: [PATCH] add a malloc() check

mostly a sanity measure to be future-proof

Change-Id: I55a81345819b2a8e939c98f0da883dc5c0cc16a2
---
 src/dec/vp8l.c | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/src/dec/vp8l.c b/src/dec/vp8l.c
index 473bb300..d96d1c6c 100644
--- a/src/dec/vp8l.c
+++ b/src/dec/vp8l.c
@@ -890,11 +890,21 @@ static int DecodeImageStream(int xsize, int ysize,
     goto End;
   }
 
-  data = (uint32_t*)malloc(transform_xsize * transform_ysize * sizeof(*data));
-  if (data == NULL) {
-    dec->status_ = VP8_STATUS_OUT_OF_MEMORY;
-    ok = 0;
-    goto End;
+  {
+    const uint64_t total_size =
+        transform_xsize * transform_ysize * sizeof(*data);
+    if (total_size != (size_t)total_size) {
+      // This shouldn't happen, because of transform_bits limit, but...
+      dec->status_ = VP8_STATUS_BITSTREAM_ERROR;
+      ok = 0;
+      goto End;
+    }
+    data = (uint32_t*)malloc((size_t)total_size);
+    if (data == NULL) {
+      dec->status_ = VP8_STATUS_OUT_OF_MEMORY;
+      ok = 0;
+      goto End;
+    }
   }
 
   // Use the Huffman trees to decode the LZ77 encoded data.