Commit 538ef6a5 authored by Esme Povirk's avatar Esme Povirk Committed by Alexandre Julliard

windowscodecs: Check for overflow in jpeg_decoder_initialize.

parent e7225aaa
...@@ -248,6 +248,10 @@ static HRESULT CDECL jpeg_decoder_initialize(struct decoder* iface, IStream *str ...@@ -248,6 +248,10 @@ static HRESULT CDECL jpeg_decoder_initialize(struct decoder* iface, IStream *str
This->stride = (This->frame.bpp * This->cinfo.output_width + 7) / 8; This->stride = (This->frame.bpp * This->cinfo.output_width + 7) / 8;
data_size = This->stride * This->cinfo.output_height; data_size = This->stride * This->cinfo.output_height;
if (data_size / This->stride < This->cinfo.output_height)
/* overflow in multiplication */
return E_OUTOFMEMORY;
This->image_data = malloc(data_size); This->image_data = malloc(data_size);
if (!This->image_data) if (!This->image_data)
return E_OUTOFMEMORY; return E_OUTOFMEMORY;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment