libretro/RetroArch
1
0
Fork 0
mirror of https://github.com/libretro/RetroArch.git synced 2024-11-23 16:09:47 +00:00
Code Issues Actions 23 Packages Projects Releases Wiki Activity

rpng: Fix some memory corruption if processing broken input

Browse Source
This commit is contained in:
Alcaro 2021-05-17 08:43:53 +02:00
parent a9426925cf
commit 654aae58d6
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libretro-common/formats/png/rpng.c
View File

@ -1035,7 +1035,9 @@ bool rpng_iterate_image(rpng_t *rpng)
rpng->ihdr.interlace = buf[12];
if ( rpng->ihdr.width == 0
|| rpng->ihdr.height == 0)
|| rpng->ihdr.height == 0
/* ensure multiplications don't overflow and wrap around, that'd give buffer overflow crashes */
|| (uint64_t)rpng->ihdr.width*rpng->ihdr.height*sizeof(uint32_t) >= 0x80000000)
return false;
if (!png_process_ihdr(&rpng->ihdr))
@ -1169,6 +1171,7 @@ error:
if (rpng->process->stream)
rpng->process->stream_backend->stream_free(rpng->process->stream);
free(rpng->process);
rpng->process = NULL;
}
return IMAGE_PROCESS_ERROR;
}