1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-09 00:00:04 +01:00

upng: implement stricter integer overflow check

https://github.com/warmcat/libwebsockets/pull/3156
This commit is contained in:
iwashiira 2024-05-30 05:37:57 +00:00 committed by Andy Green
parent 0a5a701cfc
commit a7e21153b0

View file

@ -486,7 +486,7 @@ lws_upng_decode(lws_upng_t* u, const uint8_t **_pos, size_t *_size)
if (!u->inf.out) {
size_t ims = (u->u.bypl * 2) + u->inf.info_size;
if (u->inf.info_size > ims) {
if (u->u.bypl > UINT_MAX / 2 || u->inf.info_size > UINT_MAX - (u->u.bypl * 2)) {
lwsl_err("%s: integer overflow occur in ims %llu",
__func__, (unsigned long long)ims);
return LWS_SRET_FATAL + 27;