dany/libwebp
1
0
Fork 0
mirror of https://github.com/webmproject/libwebp.git synced 2024-11-20 12:28:26 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

VP8LAllocateHistogramSet: fix overflow in size calculation

Browse Source 
the multiplications done for total_size would be done with integers,
possibly overflowing, before being promoted to 64-bit for the addition

Change-Id: Id5c127c8a497ce5de89a276c17f36b59eeb67c21
This commit is contained in:
James Zern 2012-10-03 12:09:38 -07:00
parent a792b913bd
commit a6ae04d455
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/enc/histogram.c
View File

@ -55,9 +55,9 @@ VP8LHistogramSet* VP8LAllocateHistogramSet(int size, int cache_bits) {
int i; int i;
VP8LHistogramSet* set; VP8LHistogramSet* set;
VP8LHistogram* bulk; VP8LHistogram* bulk;
const uint64_t total_size = (uint64_t)sizeof(*set) const uint64_t total_size = sizeof(*set)
+ size * sizeof(*set->histograms) + (uint64_t)size * sizeof(*set->histograms)
+ size * sizeof(**set->histograms); + (uint64_t)size * sizeof(**set->histograms);
uint8_t* memory = (uint8_t*)WebPSafeMalloc(total_size, sizeof(*memory)); uint8_t* memory = (uint8_t*)WebPSafeMalloc(total_size, sizeof(*memory));
if (memory == NULL) return NULL; if (memory == NULL) return NULL;