Prevent overflow in rowlen and improve inaccuracies in style - farbfeld - suckless image format with conversion tools
(HTM) git clone git://git.suckless.org/farbfeld
(DIR) Log
(DIR) Files
(DIR) Refs
(DIR) README
(DIR) LICENSE
---
(DIR) commit e637aae67ededf6a4a0b4d490d02f3294f297b71
(DIR) parent 49cef794d9cef3c1ab8478963a7f778c8c28eb70
(HTM) Author: FRIGN <dev@frign.de>
Date: Fri, 18 Mar 2016 19:49:11 +0100
Prevent overflow in rowlen and improve inaccuracies in style
Diffstat:
M ff2png.c | 6 +++++-
M jpg2ff.c | 5 ++---
M png2ff.c | 11 +++++++----
3 files changed, 14 insertions(+), 8 deletions(-)
---
(DIR) diff --git a/ff2png.c b/ff2png.c
@@ -61,7 +61,11 @@ main(int argc, char *argv[])
png_write_info(pngs, pngi);
/* write rows */
- rowlen = (sizeof("RGBA") - 1) * width;
+ if (width > SIZE_MAX / ((sizeof("RGBA") - 1) * sizeof(uint16_t))) {
+ fprintf(stderr, "%s: row length integer overflow\n", argv0);
+ return 1;
+ }
+ rowlen = width * (sizeof("RGBA") - 1);
if (!(row = malloc(rowlen * sizeof(uint16_t)))) {
fprintf(stderr, "%s: malloc: out of memory\n", argv0);
return 1;
(DIR) diff --git a/jpg2ff.c b/jpg2ff.c
@@ -5,7 +5,6 @@
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
#include <jpeglib.h>
@@ -58,7 +57,7 @@ main(int argc, char *argv[])
jpgrow = (*js.mem->alloc_sarray)((j_common_ptr)&js,
JPOOL_IMAGE, width *
js.output_components, 1);
- rowlen = strlen("RGBA") * width;
+ rowlen = width * (sizeof("RGBA") - 1);
if(!(row = malloc(rowlen * sizeof(uint16_t)))) {
fprintf(stderr, "%s: malloc: out of memory\n", argv0);
return 1;
@@ -89,7 +88,7 @@ main(int argc, char *argv[])
}
/* write data */
- if (fwrite(row, 2, rowlen, stdout) != rowlen)
+ if (fwrite(row, sizeof(uint16_t), rowlen, stdout) != rowlen)
goto writerr;
}
jpeg_finish_decompress(&js);
(DIR) diff --git a/png2ff.c b/png2ff.c
@@ -5,7 +5,6 @@
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
-#include <string.h>
#include <png.h>
@@ -57,7 +56,11 @@ main(int argc, char *argv[])
pngrows = png_get_rows(pngs, pngi);
/* allocate output row buffer */
- rowlen = width * strlen("RGBA");
+ if (width > SIZE_MAX / ((sizeof("RGBA") - 1) * sizeof(uint16_t))) {
+ fprintf(stderr, "%s: row length integer overflow\n", argv0);
+ return 1;
+ }
+ rowlen = width * (sizeof("RGBA") - 1);
if (!(row = malloc(rowlen * sizeof(uint16_t)))) {
fprintf(stderr, "%s: malloc: out of memory\n", argv0);
return 1;
@@ -87,8 +90,8 @@ main(int argc, char *argv[])
break;
case 16:
for (r = 0; r < height; ++r) {
- if (fwrite(pngrows[r], sizeof(uint16_t),
- rowlen, stdout) != rowlen) {
+ if (fwrite(pngrows[r], sizeof(uint16_t), rowlen,
+ stdout) != rowlen) {
goto writerr;
}
}