diff options
author | jan.nijtmans <nijtmans@users.sourceforge.net> | 2021-01-08 14:36:27 (GMT) |
---|---|---|
committer | jan.nijtmans <nijtmans@users.sourceforge.net> | 2021-01-08 14:36:27 (GMT) |
commit | be5e079937b3911aa69421b2d9a83c7b97c5d8d3 (patch) | |
tree | 159234fadf20b033ea784bcd0ddee18c50c041b5 /generic/tkImgSVGnano.c | |
parent | b0485d1db2987e875693a1304438f2f98b4a0526 (diff) | |
download | tk-be5e079937b3911aa69421b2d9a83c7b97c5d8d3.zip tk-be5e079937b3911aa69421b2d9a83c7b97c5d8d3.tar.gz tk-be5e079937b3911aa69421b2d9a83c7b97c5d8d3.tar.bz2 |
Slightly better overflow-check, without doing too many re-calculations of the same multiply
Diffstat (limited to 'generic/tkImgSVGnano.c')
-rw-r--r-- | generic/tkImgSVGnano.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/generic/tkImgSVGnano.c b/generic/tkImgSVGnano.c index 85288ec..59cd391 100644 --- a/generic/tkImgSVGnano.c +++ b/generic/tkImgSVGnano.c @@ -592,14 +592,15 @@ RasterizeSVG( goto cleanAST; } - /* Tk Ticket [822330269b] Check potential int overflow in following ckalloc*/ - if ( w * h < 0 || w * h > INT_MAX / 4) { + /* Tk Ticket [822330269b] Check potential int overflow in following ckalloc */ + unsigned long long wh = (unsigned long long)w * (unsigned long long)h; + if ( wh > INT_MAX / 4) { Tcl_SetObjResult(interp, Tcl_NewStringObj("image size overflow", -1)); Tcl_SetErrorCode(interp, "TK", "IMAGE", "SVG", "IMAGE_SIZE_OVERFLOW", NULL); goto cleanRAST; } - - imgData = (unsigned char *)attemptckalloc(w * h *4); + + imgData = (unsigned char *)attemptckalloc(wh * 4); if (imgData == NULL) { Tcl_SetObjResult(interp, Tcl_NewStringObj("cannot alloc image buffer", -1)); Tcl_SetErrorCode(interp, "TK", "IMAGE", "SVG", "OUT_OF_MEMORY", NULL); |