third_party/libpng/pngrutil.c - Issue 9363013: Fix integer issues in a way that caters for both 32-bit and 64-bit. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(212)

My Issues | Starred Open | Closed | All

Unified Diff: third_party/libpng/pngrutil.c

Issue 9363013: Fix integer issues in a way that caters for both 32-bit and 64-bit. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: '' Created 8 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « third_party/libpng/README.chromium ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: third_party/libpng/pngrutil.c

===================================================================

--- third_party/libpng/pngrutil.c (revision 120786)

+++ third_party/libpng/pngrutil.c (working copy)

@@ -363,8 +363,15 @@

{

/* Success (maybe) - really uncompress the chunk. */

png_size_t new_size = 0;

- png_charp text = png_malloc_warn(png_ptr,

- prefix_size + expanded_size + 1);

+ png_charp text = NULL;

+ /* Need to check for both truncation (64-bit platforms) and integer

+ * overflow.

+ */

+ if (prefix_size + expanded_size > prefix_size &&

+ prefix_size + expanded_size < 0xffffffffU)

+ {

+ text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);

+ }

if (text != NULL)

{

« no previous file with comments | « third_party/libpng/README.chromium ('k') | no next file » | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698