Bug 735982 - [PATCH] Fix potential allocation of huge memory amount due to type overflow in src/lodepng.cpp

author: Dimitri van Heesch <dimitri@stack.nl> 2014-09-23 18:50:48 (GMT)
committer: Dimitri van Heesch <dimitri@stack.nl> 2014-09-23 18:50:48 (GMT)
commit: 30870ef90f4a74e7c53a6856b10bcd2f16e4d1bd (patch)
tree: 8ada738384bc6bd51d187bf8d4c71be8a57cde93 /src/lodepng.cpp
parent: 68aa8c2bd8a5e6a8ad7c46c725c8bb5e61896ba0 (diff)
download: Doxygen-30870ef90f4a74e7c53a6856b10bcd2f16e4d1bd.zip
Doxygen-30870ef90f4a74e7c53a6856b10bcd2f16e4d1bd.tar.gz
Doxygen-30870ef90f4a74e7c53a6856b10bcd2f16e4d1bd.tar.bz2
1 files changed, 6 insertions, 3 deletions
diff --git a/src/lodepng.cpp b/src/lodepng.cpp
index 3bf1d46..46011a8 100644
--- a/src/lodepng.cpp
+++ b/src/lodepng.cpp
@@ -4125,9 +4125,12 @@ unsigned LodePNG_loadFile(unsigned char** out, size_t* outsize, const char* file
   rewind(file);
   
   /*read contents of the file into the vector*/
-  *outsize = 0;
-  *out = (unsigned char*)malloc((size_t)size);
-  if(size && (*out)) (*outsize) = fread(*out, 1, (size_t)size, file);
+  if (size>0)
+  {
+    *outsize = 0;
+    *out = (unsigned char*)malloc((size_t)size);
+    if(size && (*out)) (*outsize) = fread(*out, 1, (size_t)size, file);
+  }
 
   fclose(file);
   if(!(*out) && size) return 80; /*the above malloc failed*/
author	Dimitri van Heesch <dimitri@stack.nl>	2014-09-23 18:50:48 (GMT)
committer	Dimitri van Heesch <dimitri@stack.nl>	2014-09-23 18:50:48 (GMT)
commit	30870ef90f4a74e7c53a6856b10bcd2f16e4d1bd (patch)
tree	8ada738384bc6bd51d187bf8d4c71be8a57cde93 /src/lodepng.cpp
parent	68aa8c2bd8a5e6a8ad7c46c725c8bb5e61896ba0 (diff)
download	Doxygen-30870ef90f4a74e7c53a6856b10bcd2f16e4d1bd.zip Doxygen-30870ef90f4a74e7c53a6856b10bcd2f16e4d1bd.tar.gz Doxygen-30870ef90f4a74e7c53a6856b10bcd2f16e4d1bd.tar.bz2