From e637aae67ededf6a4a0b4d490d02f3294f297b71 Mon Sep 17 00:00:00 2001
From: FRIGN <dev@frign.de>
Date: Fri, 18 Mar 2016 19:49:11 +0100
Subject: Prevent overflow in rowlen and improve inaccuracies in style

---
 ff2png.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'ff2png.c')

diff --git a/ff2png.c b/ff2png.c
index bf210fb..4304bbb 100644
--- a/ff2png.c
+++ b/ff2png.c
@@ -61,7 +61,11 @@ main(int argc, char *argv[])
 	png_write_info(pngs, pngi);
 
 	/* write rows */
-	rowlen = (sizeof("RGBA") - 1) * width;
+	if (width > SIZE_MAX / ((sizeof("RGBA") - 1) * sizeof(uint16_t))) {
+		fprintf(stderr, "%s: row length integer overflow\n", argv0);
+		return 1;
+	}
+	rowlen = width * (sizeof("RGBA") - 1);
 	if (!(row = malloc(rowlen * sizeof(uint16_t)))) {
 		fprintf(stderr, "%s: malloc: out of memory\n", argv0);
 		return 1;
-- 
cgit v1.2.3