authorwm4 <wm4@nowhere>2014-11-16 17:23:12 +0100
committerwm4 <wm4@nowhere>2014-11-16 17:23:12 +0100
commit045f646ab3b076002aef5e24b3e51713f40492cc (patch)
tree9442b701aa1e56cf6ed3a45607a4715943b71f08 /libass/ass_bitmap.c
parent5d654cff0a2e27e1610ba2356efa703dcdfd297f (diff)
downloadlibass-045f646ab3b076002aef5e24b3e51713f40492cc.tar.bz2
libass-045f646ab3b076002aef5e24b3e51713f40492cc.tar.xz
Check bitmap allocation for overflows
This actually fixes #146. The overflow check itself is obvious. Also, make ass_align() return an unaligned value if aligning it would overflow. This is probably better, as it for example makes the overflow check in the caller simpler.
Diffstat (limited to 'libass/ass_bitmap.c')
-rw-r--r--libass/ass_bitmap.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/libass/ass_bitmap.c b/libass/ass_bitmap.c
index 11ca1e8..2c523b4 100644
--- a/libass/ass_bitmap.c
+++ b/libass/ass_bitmap.c
@@ -230,7 +230,10 @@ static Bitmap *alloc_bitmap_raw(int w, int h)
Bitmap *bm;
unsigned align = (w >= 32) ? 32 : ((w >= 16) ? 16 : 1);
- unsigned s = ass_align(align, w);
+ size_t s = ass_align(align, w);
+ // Too often we use ints as offset for bitmaps => use INT_MAX.
+ if (s > (INT_MAX - 32) / FFMAX(h, 1))
+ return NULL;
bm = malloc(sizeof(Bitmap));
if (!bm)
return NULL;
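Review bot: The new guard `if (s > (INT_MAX - 32) / FFMAX(h, 1))` only bounds the product for non-negative dimensions. `FFMAX(h, 1)` substitutes 1 for a negative `h`, so a negative height passes the check for any stride up to `INT_MAX - 32`. A negative `w` is rejected only if `ass_align()` turns it into a large unsigned value, and its signature is not visible in this hunk. The allocation size is computed after the hunk ends, so I cannot confirm how it treats a negative `h`; an explicit `if (w < 0 || h < 0) return NULL;` ahead of the `ass_align()` call would make the bound hold on its own, provided no caller relies on negative dimensions. The `32` in the bound presumably mirrors padding added to the buffer size further down; a short comment such as `// 32 = padding added to the buffer size below` would keep the two from drifting apart.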