diff options
author | FRIGN <dev@frign.de> | 2016-03-18 19:49:11 +0100 |
---|---|---|
committer | FRIGN <dev@frign.de> | 2016-03-18 19:49:11 +0100 |
commit | e637aae67ededf6a4a0b4d490d02f3294f297b71 (patch) | |
tree | 8f09a69a6f68aed99205239f6eef1c11d3943b47 /png2ff.c | |
parent | 49cef794d9cef3c1ab8478963a7f778c8c28eb70 (diff) |
Prevent overflow in rowlen and improve inaccuracies in style
Diffstat (limited to 'png2ff.c')
-rw-r--r-- | png2ff.c | 11 |
1 files changed, 7 insertions, 4 deletions
@@ -5,7 +5,6 @@ #include <stdint.h> #include <stdio.h> #include <stdlib.h> -#include <string.h> #include <png.h> @@ -57,7 +56,11 @@ main(int argc, char *argv[]) pngrows = png_get_rows(pngs, pngi); /* allocate output row buffer */ - rowlen = width * strlen("RGBA"); + if (width > SIZE_MAX / ((sizeof("RGBA") - 1) * sizeof(uint16_t))) { + fprintf(stderr, "%s: row length integer overflow\n", argv0); + return 1; + } + rowlen = width * (sizeof("RGBA") - 1); if (!(row = malloc(rowlen * sizeof(uint16_t)))) { fprintf(stderr, "%s: malloc: out of memory\n", argv0); return 1; @@ -87,8 +90,8 @@ main(int argc, char *argv[]) break; case 16: for (r = 0; r < height; ++r) { - if (fwrite(pngrows[r], sizeof(uint16_t), - rowlen, stdout) != rowlen) { + if (fwrite(pngrows[r], sizeof(uint16_t), rowlen, + stdout) != rowlen) { goto writerr; } } |