diff options
| author | wm4 <wm4@nowhere> | 2014-11-14 01:45:09 +0100 |
|---|---|---|
| committer | wm4 <wm4@nowhere> | 2014-11-14 01:45:09 +0100 |
| commit | 2fe3ce09af3a4e399f3758fe15fc946c0fa5ef50 (patch) | |
| tree | 712f7906298bc3adac63837d5d416188aa55db15 | |
| parent | f7af5424c67694e5812685e0a9d463446a8e4fa7 (diff) | |
| download | libass-2fe3ce09af3a4e399f3758fe15fc946c0fa5ef50.tar.bz2 libass-2fe3ce09af3a4e399f3758fe15fc946c0fa5ef50.tar.xz | |
Fix the bug
Commit 8536eaa was slightly broken: for some incomprehensible reason,
(w + 1) memory instead of w is needed. The missing space could lead to
memory corruption and crashes.
| -rw-r--r-- | libass/ass_bitmap.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libass/ass_bitmap.c b/libass/ass_bitmap.c index 2955b9f..aadce59 100644 --- a/libass/ass_bitmap.c +++ b/libass/ass_bitmap.c @@ -124,9 +124,9 @@ static bool generate_tables(ASS_SynthPriv *priv, double radius) static bool resize_tmp(ASS_SynthPriv *priv, int w, int h) { - if (w > SIZE_MAX / sizeof(unsigned) / h) + if ((w - 1) > SIZE_MAX / sizeof(unsigned) / h) return false; - size_t needed = sizeof(unsigned) * w * h; + size_t needed = sizeof(unsigned) * (w + 1) * h; if (priv->tmp && priv->tmp_allocated >= needed) return true; if (needed >= SIZE_MAX / 2) |