shithub: jbig2


ref: 8137443a9ef2afed0ef7489b64e501daebb7f123
parent: de541912decffc32bc9872bf37281add45f12cb5
author: Sebastian Rasmussen <sebras@gmail.com>
date: Fri Jul 20 07:43:54 EDT 2018

jbig2dec: Change overflow check for allocations.

The maximum size of an allocation was previously limited to
(maximum value of size_t)-256 bytes. Use SIZE_MAX instead.

--- a/jbig2.c
+++ b/jbig2.c
@@ -26,6 +26,7 @@
 #include <stdlib.h>
 #include <stdarg.h>
 #include <string.h>
+#include <limits.h>
 
 #include "jbig2.h"
 #include "jbig2_priv.h"
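Review bot: The added `#include <limits.h>` is not the header that C99 specifies for `SIZE_MAX`; the standard places that macro in `<stdint.h>`, and `<limits.h>` is not required to provide it. The new checks in jbig2_alloc and jbig2_realloc therefore compile only if `jbig2.h` or `jbig2_priv.h` happens to pull in `<stdint.h>`, which is not visible in this hunk. Including `<stdint.h>` directly, or adding a guarded fallback such as `#ifndef SIZE_MAX` / `#define SIZE_MAX ((size_t) -1)` / `#endif` for toolchains without it, would keep the overflow guard from depending on include order.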
@@ -60,8 +61,9 @@
 void *
 jbig2_alloc(Jbig2Allocator *allocator, size_t size, size_t num)
 {
-    /* check for integer multiplication overflow */
-    if (num > 0 && size >= (size_t) - 0x100 / num)
+    /* Check for integer multiplication overflow when computing
+    the full size of the allocation. */
+    if (num > 0 && size > SIZE_MAX / num)
         return NULL;
     return allocator->alloc(allocator, size * num);
 }
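Review bot: With the 0x100 headroom removed, the check in jbig2_alloc now lets `size * num` reach `SIZE_MAX` itself before it is handed to `allocator->alloc`. The guard still prevents the multiplication from wrapping, but a custom allocator callback that adds bookkeeping bytes to the requested size could wrap on its own addition; whether any such allocator exists is not visible here. The comment should state that contract, for example `/* size * num may be as large as SIZE_MAX; allocator callbacks must do their own overflow check before adding to it. */`.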
@@ -506,7 +508,7 @@
 jbig2_realloc(Jbig2Allocator *allocator, void *p, size_t size, size_t num)
 {
     /* check for integer multiplication overflow */
-    if (num > 0 && size >= (size_t) - 0x100 / num)
+    if (num > 0 && size >= SIZE_MAX / num)
         return NULL;
     return allocator->realloc(allocator, p, size * num);
 }
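Review bot: The new condition in jbig2_realloc uses `size >= SIZE_MAX / num`, while the matching check in jbig2_alloc in this same commit uses `size > SIZE_MAX / num`. The `>=` form is still safe against overflow, but it rejects requests where `size` equals the quotient even though `size * num` fits in `size_t`, so the two entry points now have different limits. Using `if (num > 0 && size > SIZE_MAX / num)` here would make them agree, and the comment could be updated to match the wording in jbig2_alloc. The return-type line of jbig2_realloc lies outside the hunk.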