dany/libwebp
1
0
Fork 0
mirror of https://github.com/webmproject/libwebp.git synced 2024-12-26 13:48:21 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

VP8LAllocateHistogramSet: fix overflow in size calculation

Browse Source 
the multiplications done for total_size would be done with integers,
possibly overflowing, before being promoted to 64-bit for the addition

Change-Id: I32c3a6400fc2ef120c38e01a8693f4cb1727234d
This commit is contained in:
James Zern 2012-10-03 12:09:38 -07:00
parent f9cb58fbce
commit 734f762a08
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/enc/histogram.c
View File

@ -55,9 +55,9 @@ VP8LHistogramSet* VP8LAllocateHistogramSet(int size, int cache_bits) {
int i; int i;
VP8LHistogramSet* set; VP8LHistogramSet* set;
VP8LHistogram* bulk; VP8LHistogram* bulk;
const uint64_t total_size = (uint64_t)sizeof(*set) const uint64_t total_size = sizeof(*set)
+ size * sizeof(*set->histograms) + (uint64_t)size * sizeof(*set->histograms)
+ size * sizeof(**set->histograms); + (uint64_t)size * sizeof(**set->histograms);
uint8_t* memory = (uint8_t*)WebPSafeMalloc(total_size, sizeof(*memory)); uint8_t* memory = (uint8_t*)WebPSafeMalloc(total_size, sizeof(*memory));
if (memory == NULL) return NULL; if (memory == NULL) return NULL;