Commit 80704d84 authored by Emmanuele Bassi's avatar Emmanuele Bassi
Browse files

Check the memset length argument

Avoid overflows by using the checked multiplication macro for gsize.

Fixes: #132
parent 9410216d
Pipeline #166000 passed with stage
in 5 minutes and 25 seconds
......@@ -412,11 +412,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf (GdkPixbufAnimationIter *anim_iter)
/* If no rendered frame, render the first frame */
if (anim->last_frame == NULL) {
gsize len = 0;
if (anim->last_frame_data == NULL)
anim->last_frame_data = gdk_pixbuf_new (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height);
if (anim->last_frame_data == NULL)
return NULL;
memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, gdk_pixbuf_get_rowstride (anim->last_frame_data) * anim->height);
if (g_size_checked_mul (&len, gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height))
memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, len);
else
return NULL;
composite_frame (anim, g_list_nth_data (anim->frames, 0));
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment