libretro/RetroArch
1
0
Fork 0
mirror of https://github.com/libretro/RetroArch.git synced 2024-11-28 10:40:39 +00:00
Code Issues Actions 23 Packages Projects Releases Wiki Activity

Merge pull request #12410 from Alcaro/master

Browse Source 
rpng: Fix some memory corruption if processing broken input
This commit is contained in:
Autechre 2021-05-17 13:22:51 +02:00 committed by GitHub
commit 90abd49892
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libretro-common/formats/png/rpng.c
View File

@ -1035,7 +1035,9 @@ bool rpng_iterate_image(rpng_t *rpng)
rpng->ihdr.interlace = buf[12];
if ( rpng->ihdr.width == 0
|| rpng->ihdr.height == 0)
|| rpng->ihdr.height == 0
/* ensure multiplications don't overflow and wrap around, that'd give buffer overflow crashes */
|| (uint64_t)rpng->ihdr.width*rpng->ihdr.height*sizeof(uint32_t) >= 0x80000000)
return false;
if (!png_process_ihdr(&rpng->ihdr))
@ -1169,6 +1171,7 @@ error:
if (rpng->process->stream)
rpng->process->stream_backend->stream_free(rpng->process->stream);
free(rpng->process);
rpng->process = NULL;
}
return IMAGE_PROCESS_ERROR;
}