overflow check for im->linesize

wiredfool 2016-05-21 07:23:54 -07:00
parent d48e5cd500
commit 768936fa33


@ -56,6 +56,11 @@ ImagingNewPrologueSubtype(const char *mode, int xsize, int ysize,
if (!im)
return (Imaging) ImagingError_MemoryError();
/* linesize overflow check, roughly the current largest space req'd */
if (xsize > (INT_MAX / 4) - 1) {
return (Imaging) ImagingError_MemoryError();
}
/* Setup image descriptor */
im->xsize = xsize;
im->ysize = ysize;
@ -306,8 +311,8 @@ ImagingNewArray(const char *mode, int xsize, int ysize)
/* Allocate image as an array of lines */
for (y = 0; y < im->ysize; y++) {
/* malloc check UNDONE - where is linesize set? */
p = (char *) malloc(im->linesize);
/* malloc check linesize checked in prologue */
p = (char *) calloc(1, im->linesize);
if (!p) {
ImagingDestroyArray(im);
break;
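Review bot: In the first hunk, the new `return (Imaging) ImagingError_MemoryError();` inside the xsize check runs after the `if (!im)` test, so `im` looks to be already allocated at that point and is leaked each time an oversized width is rejected (the allocation is above the hunk, so this is inferred). Do the check before the allocation, or release first with `free(im);` ahead of the return. The bound only rejects large positive values and assumes at most 4 bytes per pixel, so the comment should say so, e.g. `/* linesize is at most xsize * 4 bytes; reject widths where that would exceed INT_MAX */`, and it should be confirmed that a negative xsize is rejected elsewhere. Both functions continue outside their hunks and the assignment of im->linesize is not visible, so the "linesize checked in prologue" comment in ImagingNewArray cannot be verified from this page.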