summaryrefslogtreecommitdiff
path: root/backend
diff options
context:
space:
mode:
authorlukefromdc <[email protected]>2019-07-24 01:35:22 -0400
committerraveit65 <[email protected]>2019-07-27 11:43:20 +0200
commit66dc31ec6b9bc20d37678053376ac3811ea6c2c2 (patch)
tree5bc06990ed2b803f7d9878a562171bbdff41d9d6 /backend
parentdde1493f75f326bc30d526c6ae9eaaec89ae6122 (diff)
downloadatril-66dc31ec6b9bc20d37678053376ac3811ea6c2c2.tar.bz2
atril-66dc31ec6b9bc20d37678053376ac3811ea6c2c2.tar.xz
Fix buffer overflow in backend/tiff-document.c
Apply https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362
Diffstat (limited to 'backend')
-rw-r--r--backend/tiff/tiff-document.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
index 3d273fee..7e384212 100644
--- a/backend/tiff/tiff-document.c
+++ b/backend/tiff/tiff-document.c
@@ -268,13 +268,14 @@ tiff_document_render (EvDocument *document,
return NULL;
}
- bytes = height * rowstride;
- if (bytes / rowstride != height) {
+ if (height >= INT_MAX / rowstride) {
g_warning("Overflow while rendering document.");
/* overflow */
return NULL;
}
+ bytes = height * rowstride;
+
pixels = g_try_malloc (bytes);
if (!pixels) {
g_warning("Failed to allocate memory for rendering.");
@@ -356,15 +357,17 @@ tiff_document_render_pixbuf (EvDocument *document,
if (width <= 0 || height <= 0)
return NULL;
- rowstride = width * 4;
- if (rowstride / 4 != width)
+
+ if (width >= INT_MAX / 4)
/* overflow */
return NULL;
- bytes = height * rowstride;
- if (bytes / rowstride != height)
+ rowstride = width * 4;
+
+ if (height >= INT_MAX / rowstride)
/* overflow */
return NULL;
+ bytes = height * rowstride;
pixels = g_try_malloc (bytes);
if (!pixels)