Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc-1.1
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc-1.1
Commits
4e541fa9
Commit
4e541fa9
authored
Oct 30, 2009
by
Rafaël Carré
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
__vout_AllocatePicture() : check all possibilities of integer overflow
Thanks to nefrir and mfwitten on irc for their help
parent
7c081ad1
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
25 additions
and
2 deletions
+25
-2
src/video_output/vout_pictures.c
src/video_output/vout_pictures.c
+25
-2
No files found.
src/video_output/vout_pictures.c
View file @
4e541fa9
...
...
@@ -570,8 +570,31 @@ int __vout_AllocatePicture( vlc_object_t *p_this, picture_t *p_pic,
}
/* Calculate how big the new image should be */
size_t
i_bytes
=
(
size_t
)
p_pic
->
format
.
i_bits_per_pixel
*
i_width_aligned
*
i_height_aligned
/
8
;
/*
* bytes = width_aligned * height_aligned * bpp / 8
* We need to check for an integer overflow at each multiplication since
* height & width (and bpp?) could be arbitrary large
*/
size_t
i_bytes
=
0
;
/* i_width_aligned is a multiple of 16, so we can divide by 8 now */
size_t
i_width_aligned_divided
=
i_width_aligned
/
8
;
if
(
i_width_aligned_divided
<=
(
SIZE_MAX
/
i_height_aligned
)
)
{
size_t
i_pixels_divided
=
i_width_aligned_divided
*
i_height_aligned
;
size_t
i_bpp
=
p_pic
->
format
.
i_bits_per_pixel
;
if
(
i_pixels_divided
<=
(
SIZE_MAX
/
i_bpp
)
)
{
i_bytes
=
i_pixels_divided
*
i_bpp
;
}
}
if
(
i_bytes
==
0
)
{
p_pic
->
i_planes
=
0
;
return
VLC_ENOMEM
;
}
p_pic
->
p_data
=
vlc_memalign
(
&
p_pic
->
p_data_orig
,
16
,
i_bytes
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment