author | wm4 <wm4@nowhere> | 2014-11-16 17:23:12 +0100 |
---|---|---|
committer | wm4 <wm4@nowhere> | 2014-11-16 17:23:12 +0100 |
commit | 045f646ab3b076002aef5e24b3e51713f40492cc (patch) | |
tree | 9442b701aa1e56cf6ed3a45607a4715943b71f08 /libass/ass_bitmap.c | |
parent | 5d654cff0a2e27e1610ba2356efa703dcdfd297f (diff) | |
Check bitmap allocation for overflows
This actually fixes #146.
The overflow check itself is obvious. Also, make ass_align() return an
unaligned value if aligning it would overflow. This is probably better,
as it for example makes the overflow check in the caller simpler.
Diffstat (limited to 'libass/ass_bitmap.c')
-rw-r--r-- | libass/ass_bitmap.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/libass/ass_bitmap.c b/libass/ass_bitmap.c
index 11ca1e8..2c523b4 100644
--- a/libass/ass_bitmap.c
+++ b/libass/ass_bitmap.c
@@ -230,7 +230,10 @@ static Bitmap *alloc_bitmap_raw(int w, int h)
 Bitmap *bm;
 unsigned align = (w >= 32) ? 32 : ((w >= 16) ? 16 : 1);
- unsigned s = ass_align(align, w);
+ size_t s = ass_align(align, w);
+ // Too often we use ints as offset for bitmaps => use INT_MAX.
+ if (s > (INT_MAX - 32) / FFMAX(h, 1))
+ return NULL;
 bm = malloc(sizeof(Bitmap));
 if (!bm)
 return NULL;
|
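Review bot: The new guard in alloc_bitmap_raw only bounds the size for `h >= 1`, because `FFMAX(h, 1)` turns a zero or negative `h` into a divisor of 1, so a negative height passes whenever `s <= INT_MAX - 32`. The size computation that uses `h` lies below this hunk, so its behaviour for a negative value cannot be confirmed from here; adding `if (h < 0) return NULL;` ahead of the division would make the check self-contained. The literal 32 presumably mirrors padding added to the buffer size further down, and a comment such as `// 32 = padding added to the allocation below` (or a shared constant) would keep the two from drifting apart. The function body starts and ends outside the hunk.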