Overview

File gdk-pixbuf-tiff-overflow.patch of Package gdk-pixbuf

From 1e513abdb55529f888233d3c96b27352d83aad5f Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Tue, 5 Dec 2017 10:26:49 +0100
Subject: [PATCH] tiff: Avoid overflowing buffer size computation

Use g_uint_checked_mul() to avoid overflowing the guint used for buffer
size calculation.

https://bugzilla.gnome.org/show_bug.cgi?id=779020
---
 gdk-pixbuf/io-tiff.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/gdk-pixbuf/io-tiff.c b/gdk-pixbuf/io-tiff.c
index 7ca0a565a..49fe60eee 100644
--- a/gdk-pixbuf/io-tiff.c
+++ b/gdk-pixbuf/io-tiff.c
@@ -529,8 +529,15 @@ make_available_at_least (TiffContext *context, guint needed)
         need_alloc = context->used + needed;
         if (need_alloc > context->allocated) {
                 guint new_size = 1;
-                while (new_size < need_alloc)
-                        new_size *= 2;
+                while (new_size < need_alloc) {
+                        if (!g_uint_checked_mul (&new_size, new_size, 2)) {
+                                new_size = 0;
+                                break;
+                        }
+                }
+
+                if (new_size == 0)
+                        return FALSE;
 
                 new_buffer = g_try_realloc (context->buffer, new_size);
                 if (new_buffer) {
-- 
2.15.1
openSUSE Build Service is sponsored by
Places