Commit 1e513abd authored by Bastien Nocera's avatar Bastien Nocera

tiff: Avoid overflowing buffer size computation

Use g_uint_checked_mul() to avoid overflowing the guint used for buffer
size calculation.

https://bugzilla.gnome.org/show_bug.cgi?id=779020
parent 8e60f4b0
......@@ -529,8 +529,15 @@ make_available_at_least (TiffContext *context, guint needed)
need_alloc = context->used + needed;
if (need_alloc > context->allocated) {
guint new_size = 1;
while (new_size < need_alloc)
new_size *= 2;
while (new_size < need_alloc) {
if (!g_uint_checked_mul (&new_size, new_size, 2)) {
new_size = 0;
break;
}
}
if (new_size == 0)
return FALSE;
new_buffer = g_try_realloc (context->buffer, new_size);
if (new_buffer) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment