summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--generic/tkImgSVGnano.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/generic/tkImgSVGnano.c b/generic/tkImgSVGnano.c
index 85288ec..59cd391 100644
--- a/generic/tkImgSVGnano.c
+++ b/generic/tkImgSVGnano.c
@@ -592,14 +592,15 @@ RasterizeSVG(
goto cleanAST;
}
- /* Tk Ticket [822330269b] Check potential int overflow in following ckalloc*/
- if ( w * h < 0 || w * h > INT_MAX / 4) {
+ /* Tk Ticket [822330269b] Check potential int overflow in following ckalloc */
+ unsigned long long wh = (unsigned long long)w * (unsigned long long)h;
+ if ( wh > INT_MAX / 4) {
Tcl_SetObjResult(interp, Tcl_NewStringObj("image size overflow", -1));
Tcl_SetErrorCode(interp, "TK", "IMAGE", "SVG", "IMAGE_SIZE_OVERFLOW", NULL);
goto cleanRAST;
}
-
- imgData = (unsigned char *)attemptckalloc(w * h *4);
+
+ imgData = (unsigned char *)attemptckalloc(wh * 4);
if (imgData == NULL) {
Tcl_SetObjResult(interp, Tcl_NewStringObj("cannot alloc image buffer", -1));
Tcl_SetErrorCode(interp, "TK", "IMAGE", "SVG", "OUT_OF_MEMORY", NULL);
generated by cgit v0.12 at 2024-11-10 09:41:07 (GMT)