diff options
-rw-r--r-- | libass/ass_bitmap.c | 5 | ||||
-rw-r--r-- | libass/ass_utils.h | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/libass/ass_bitmap.c b/libass/ass_bitmap.c index 11ca1e8..2c523b4 100644 --- a/libass/ass_bitmap.c +++ b/libass/ass_bitmap.c @@ -230,7 +230,10 @@ static Bitmap *alloc_bitmap_raw(int w, int h) Bitmap *bm; unsigned align = (w >= 32) ? 32 : ((w >= 16) ? 16 : 1); - unsigned s = ass_align(align, w); + size_t s = ass_align(align, w); + // Too often we use ints as offset for bitmaps => use INT_MAX. + if (s > (INT_MAX - 32) / FFMAX(h, 1)) + return NULL; bm = malloc(sizeof(Bitmap)); if (!bm) return NULL; diff --git a/libass/ass_utils.h b/libass/ass_utils.h index 5055e88..1ce451c 100644 --- a/libass/ass_utils.h +++ b/libass/ass_utils.h @@ -98,6 +98,8 @@ double ass_strtod(const char *string, char **endPtr); static inline size_t ass_align(size_t alignment, size_t s) { + if (s > SIZE_MAX - (alignment - 1)) + return s; return (s + (alignment - 1)) & ~(alignment - 1); } |