pngdec: Avoid possible overflow in calculations
authorJan Schmidt <thaytan@noraisin.net>
Wed, 27 May 2009 16:06:34 +0000 (17:06 +0100)
committerJan Schmidt <thaytan@noraisin.net>
Tue, 2 Jun 2009 12:44:39 +0000 (13:44 +0100)
commitd9544bcc44adcef769cbdf7f6453e140058a3adc
tree8b0c7d3404113a8dfd8817ba9b671fde556512fb
parent552793473f3a59a56f31699cb74b114081198413
pngdec: Avoid possible overflow in calculations

A malformed (or simply huge) PNG file can lead to integer overflow in
calculating the size of the output buffer, leading to crashes or buffer
overflows later. Fixes SA35205 security advisory.
ext/libpng/gstpngdec.c