authorAlbert Astals Cid <aacid@kde.org>2019-12-21 09:56:38 +0100
committerAlbert Astals Cid <aacid@kde.org>2019-12-21 09:56:38 +0100
commita0289d279d5de130065bc7f35eb264d9ba42b682 (patch)
treed4faec9a4dfebc703563dd8bf199d1e2000a500f /splash
parentac4bbb3cefbe020bbe9af8ac361974c5c2dee3d3 (diff)
Splash::scaleImageYdXu: Protect against crash if srcWidth is too big
oss-fuzz/19630
Diffstat (limited to 'splash')
-rw-r--r--splash/Splash.cc6
1 files changed, 5 insertions, 1 deletions
diff --git a/splash/Splash.cc b/splash/Splash.cc
index 5491fcc0..3d80b5c4 100644
--- a/splash/Splash.cc
+++ b/splash/Splash.cc
@@ -4356,8 +4356,12 @@ void Splash::scaleImageYdXu(SplashImageSource src, void *srcData,
xq = scaledWidth % srcWidth;
// allocate buffers
+ pixBuf = (unsigned int *)gmallocn_checkoverflow(srcWidth, nComps * sizeof(int));
+ if (unlikely(!pixBuf)) {
+ error(errInternal, -1, "Splash::scaleImageYdXu. Couldn't allocate pixBuf memory");
+ return;
+ }
lineBuf = (unsigned char *)gmallocn(srcWidth, nComps);
- pixBuf = (unsigned int *)gmallocn(srcWidth, nComps * sizeof(int));
if (srcAlpha) {
alphaLineBuf = (unsigned char *)gmalloc(srcWidth);
alphaPixBuf = (unsigned int *)gmallocn(srcWidth, sizeof(int));
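Review bot: Only the `pixBuf` allocation is checked; `lineBuf`, `alphaLineBuf` and `alphaPixBuf` below it still go through plain `gmallocn`/`gmalloc`, and the hunk does not say why that is enough. Each of those requests is no larger than `srcWidth * nComps * sizeof(int)` provided `nComps >= 1`, so moving `pixBuf` first presumably covers the size-overflow case for all of them. That reasoning should be written down, e.g. `// pixBuf is the largest request; checking it first means the smaller allocations below cannot overflow`. An out-of-memory failure in the unchecked calls would still take whatever path `gmallocn` takes on failure, which is not visible here. If they are later switched to the checked variant, each new early return must free `pixBuf` and any buffer already allocated. The body of `scaleImageYdXu` starts and ends outside this hunk, so the cleanup path could not be checked.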