summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorlukefromdc <[email protected]>2019-07-27 15:07:13 -0400
committerraveit65 <[email protected]>2019-07-28 09:45:58 +0200
commitaa8c51c24a3d716986ace9a4104a9632436ccff5 (patch)
treecf2d6d38cee723a22d6fc787e7bb0fc5019f5c7c
parent8ecc5b244bb073840dfa72eb6982d49526e69e74 (diff)
downloadatril-aa8c51c24a3d716986ace9a4104a9632436ccff5.tar.bz2
atril-aa8c51c24a3d716986ace9a4104a9632436ccff5.tar.xz
Fix buffer overflow in backend/tiff-document.c
Apply https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362
-rw-r--r--backend/tiff/tiff-document.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
index 0aa31cb6..94adc400 100644
--- a/backend/tiff/tiff-document.c
+++ b/backend/tiff/tiff-document.c
@@ -268,13 +268,14 @@ tiff_document_render (EvDocument *document,
return NULL;
}
- bytes = height * rowstride;
- if (bytes / rowstride != height) {
+ if (height >= INT_MAX / rowstride) {
g_warning("Overflow while rendering document.");
/* overflow */
return NULL;
}
+ bytes = height * rowstride;
+
pixels = g_try_malloc (bytes);
if (!pixels) {
g_warning("Failed to allocate memory for rendering.");
@@ -356,15 +357,17 @@ tiff_document_render_pixbuf (EvDocument *document,
if (width <= 0 || height <= 0)
return NULL;
- rowstride = width * 4;
- if (rowstride / 4 != width)
+ if (width >= INT_MAX / 4)
/* overflow */
return NULL;
- bytes = height * rowstride;
- if (bytes / rowstride != height)
+ rowstride = width * 4;
+
+ if (height >= INT_MAX / rowstride)
/* overflow */
- return NULL;
+ return NULL;
+
+ bytes = height * rowstride;
pixels = g_try_malloc (bytes);
if (!pixels)