---------------------------------------------------------------------------
- Copyright (c) 1998-2007 Greg Roelofs. All rights reserved.
+ Copyright (c) 1998-2007,2017 Greg Roelofs. All rights reserved.
This software is provided "as is," without warranty of any kind,
express or implied. In no event shall the author or contributors
*pRowbytes = rowbytes = channels*width;
*pChannels = channels;
- if ((image_data = (uch *)malloc(rowbytes*height)) == NULL) {
+ Trace((stderr, "readpng_get_image: rowbytes = %ld, height = %ld\n", rowbytes, height));
+
+ /* Guard against integer overflow */
+ if (height > ((size_t)(-1))/rowbytes) {
+ fprintf(stderr, PROGNAME ": image_data buffer would be too large\n",
return NULL;
}
- Trace((stderr, "readpng_get_image: rowbytes = %ld, height = %ld\n", rowbytes, height));
-
+ if ((image_data = (uch *)malloc(rowbytes*height)) == NULL) {
+ return NULL;
+ }
/* now we can go ahead and just read the whole image */