Changeset 69d4aba in mainline


Timestamp:
2024-08-22T13:08:34Z (4 months ago)
Author:
Jiří Zárevúcky <zarevucky.jiri@…>
Branches:
master
Children:
cde067e
Parents:
7268bf1
Message:

libgfximage: Fix integer multiplication overflow in TGA parser

File:
1 edited

  • uspace/lib/gfximage/src/tga.c

    r7268bf1 r69d4aba  
    155155        tga->img_alpha_dir = (head->img_descr & 0xf0) >> 4;
    156156        tga->img_data = tga->cmap_data + tga->cmap_length;
    157         tga->img_length = ALIGN_UP(tga->width * tga->height * tga->img_bpp, 8) >> 3;
     157
     158        uint64_t length = (uint64_t) tga->width * tga->height * tga->img_bpp;
     159        if (length & 0x7)
     160                length += 8;
     161        length >>= 3;
     162
     163        if (length > SIZE_MAX - sizeof(tga_header_t) - tga->id_length -
     164            tga->cmap_length)
     165                return false;
     166
     167        tga->img_length = length;
    158168
    159169        if (size < sizeof(tga_header_t) + tga->id_length +
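
Review bot: the guard at new lines 163-164 subtracts `tga->id_length` and `tga->cmap_length` from `SIZE_MAX` with no comment explaining why, and it is only sound if `sizeof(tga_header_t) + tga->id_length + tga->cmap_length` cannot itself wrap. The hunk does not show how `cmap_length` is derived from the header, so please confirm it is bounded, or validate it the same way before it is used here and in `tga->img_data = tga->cmap_data + tga->cmap_length;`. A one-line comment saying the guard exists so that the sum in the following `if (size < sizeof(tga_header_t) + tga->id_length +` comparison cannot overflow `size_t` would help the next reader. As a smaller style point, the round-up at 159-161 could be written as `length = (length + 7) >> 3;`, which reads closer to the `ALIGN_UP(..., 8) >> 3` it replaces.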