authorFRIGN <dev@frign.de>2016-03-18 19:49:11 +0100
committerFRIGN <dev@frign.de>2016-03-18 19:49:11 +0100
commite637aae67ededf6a4a0b4d490d02f3294f297b71 (patch)
tree8f09a69a6f68aed99205239f6eef1c11d3943b47 /png2ff.c
parent49cef794d9cef3c1ab8478963a7f778c8c28eb70 (diff)
Prevent overflow in rowlen and improve inaccuracies in style
Diffstat (limited to 'png2ff.c')
-rw-r--r--png2ff.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/png2ff.c b/png2ff.c
index cf85b32..55456e3 100644
--- a/png2ff.c
+++ b/png2ff.c
@@ -5,7 +5,6 @@
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
#include <png.h>
@@ -57,7 +56,11 @@ main(int argc, char *argv[])
pngrows = png_get_rows(pngs, pngi);
/* allocate output row buffer */
- rowlen = width * strlen("RGBA");
+ if (width > SIZE_MAX / ((sizeof("RGBA") - 1) * sizeof(uint16_t))) {
+ fprintf(stderr, "%s: row length integer overflow\n", argv0);
+ return 1;
+ }
+ rowlen = width * (sizeof("RGBA") - 1);
if (!(row = malloc(rowlen * sizeof(uint16_t)))) {
fprintf(stderr, "%s: malloc: out of memory\n", argv0);
return 1;
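Review bot: The new guard on `width` is bounded by `SIZE_MAX`, so it protects `rowlen = width * (sizeof("RGBA") - 1)` only if `rowlen` is itself a `size_t`; its declaration is outside this hunk. If `rowlen` is a 32-bit type, then on a platform with a 64-bit `size_t` the check cannot fire for a 32-bit `width`, and the product is silently truncated on assignment. The `malloc` that follows would then be sized from the truncated value, while any later loop that indexes `row` by `width` would run past the allocation. Either declare `rowlen` as `size_t` or also bound `width` against the range of `rowlen`'s own type, and record the intent in the comment, e.g. `/* allocate output row buffer; reject widths whose row size does not fit in rowlen */`. The body of `main` and the closing brace of the `malloc` check lie outside the hunk.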
@@ -87,8 +90,8 @@ main(int argc, char *argv[])
break;
case 16:
for (r = 0; r < height; ++r) {
- if (fwrite(pngrows[r], sizeof(uint16_t),
- rowlen, stdout) != rowlen) {
+ if (fwrite(pngrows[r], sizeof(uint16_t), rowlen,
+ stdout) != rowlen) {
goto writerr;
}
}