timoreo/quirc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

quirc_resize: Make this a bit more careful about integer overflows

Browse source 
Also, avoid malloc(0), which is not too portable.
This commit is contained in:
YAMAMOTO Takashi 2021-05-06 09:54:00 +09:00
parent 772cd3e73f
commit f1dd37fbdb
1 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
lib/quirc.c
View file

@ -50,6 +50,7 @@ int quirc_resize(struct quirc *q, int w, int h)
uint8_t *image = NULL; uint8_t *image = NULL;
quirc_pixel_t *pixels = NULL; quirc_pixel_t *pixels = NULL;
size_t num_vars; size_t num_vars;
size_t vars_byte_size;
struct quirc_flood_fill_vars *vars = NULL; struct quirc_flood_fill_vars *vars = NULL;
/* /*
@ -100,8 +101,19 @@ int quirc_resize(struct quirc *q, int w, int h)
* - the maximum height of rings would be about 1/3 of the image height. * - the maximum height of rings would be about 1/3 of the image height.
*/ */
num_vars = h * 2 / 3; if ((size_t)h * 2 / 2 != h) {
vars = malloc(sizeof(*vars) * num_vars); goto fail; /* size_t overflow */
}
num_vars = (size_t)h * 2 / 3;
if (num_vars == 0) {
num_vars = 1;
}
vars_byte_size = sizeof(*vars) * num_vars;
if (vars_byte_size / sizeof(*vars) != num_vars) {
goto fail; /* size_t overflow */
}
vars = malloc(vars_byte_size);
if (!vars) if (!vars)
goto fail; goto fail;