Commit f63ba36d authored by Nils Philippsen's avatar Nils Philippsen

Use more defensive coding in plausibility check.

Use an equivalent division instead of multiplying values and checking if
they are more than G_MAXINT32, because divisions cannot overflow.
parent 43d57c66
......@@ -451,10 +451,10 @@ ReadBMP (const gchar *name,
}
/* protect against integer overflows caused by malicious BMPs */
/* use divisions in comparisons to avoid type overflows */
if (((guint64) Bitmap_Head.biWidth) * Bitmap_Head.biBitCnt > G_MAXINT32 ||
((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) > G_MAXINT32 ||
((guint64) Bitmap_Head.biWidth) * ABS (Bitmap_Head.biHeight) * 4 > G_MAXINT32)
if (((guint64) Bitmap_Head.biWidth) > G_MAXINT32 / Bitmap_Head.biBitCnt ||
((guint64) Bitmap_Head.biWidth) > (G_MAXINT32 / ABS (Bitmap_Head.biHeight)) / 4)
{
g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
_("'%s' is not a valid BMP file"),
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment