-rw-r--r--libass/ass_bitmap.c5
-rw-r--r--libass/ass_utils.h2
2 files changed, 6 insertions, 1 deletions
diff --git a/libass/ass_bitmap.c b/libass/ass_bitmap.c
index 11ca1e8..2c523b4 100644
--- a/libass/ass_bitmap.c
+++ b/libass/ass_bitmap.c
@@ -230,7 +230,10 @@ static Bitmap *alloc_bitmap_raw(int w, int h)
Bitmap *bm;
unsigned align = (w >= 32) ? 32 : ((w >= 16) ? 16 : 1);
- unsigned s = ass_align(align, w);
+ size_t s = ass_align(align, w);
+ // Too often we use ints as offset for bitmaps => use INT_MAX.
+ if (s > (INT_MAX - 32) / FFMAX(h, 1))
+ return NULL;
bm = malloc(sizeof(Bitmap));
if (!bm)
return NULL;
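Review bot: The new guard in alloc_bitmap_raw maps any h <= 0 to 1 through `FFMAX(h, 1)`, so a negative height passes the size check and reaches whatever allocation follows. A negative w is rejected only incidentally, because its conversion to size_t yields a huge s. If callers can pass dimensions derived from script or font data, an explicit `if (w < 0 || h < 0) return NULL;` ahead of the alignment computation would make the rejection deliberate. The `32` subtracted from INT_MAX is also unexplained; presumably it mirrors padding added to the buffer size later in the function, which lies outside this hunk, and the comment should say so, e.g. `// s * h + 32 (padding) must fit in int, since bitmap offsets are ints`.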
diff --git a/libass/ass_utils.h b/libass/ass_utils.h
index 5055e88..1ce451c 100644
--- a/libass/ass_utils.h
+++ b/libass/ass_utils.h
@@ -98,6 +98,8 @@ double ass_strtod(const char *string, char **endPtr);
static inline size_t ass_align(size_t alignment, size_t s)
{
+ if (s > SIZE_MAX - (alignment - 1))
+ return s;
return (s + (alignment - 1)) & ~(alignment - 1);
}
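Review bot: On the overflow path added at the top of ass_align the function returns s unchanged, which is generally not a multiple of alignment, and nothing tells callers so. alloc_bitmap_raw copes because it bounds the result against INT_MAX, but any other caller that sizes a buffer from the return value without such a bound would still receive an enormous, unaligned size. I would document the contract above the function, e.g. `/* Rounds s up to a multiple of alignment (a power of two); returns s unchanged if that would overflow size_t, so callers must range-check the result. */`. SIZE_MAX comes from <stdint.h>; whether this header already includes it is not visible here.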