Skip to content

Commit 53c020f

Browse files
AlexSutilaAlexSutila
committed
Use CImg::safe_size to prevent integer overflow in get_load_jpeg_buffer
1 parent 40d7904 commit 53c020f

1 file changed

Lines changed: 2 additions & 1 deletion

File tree

plugins/jpeg_buffer.h

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -234,7 +234,8 @@ static CImg get_load_jpeg_buffer(const JOCTET *const buffer, const unsigned buff
234234
jpeg_start_decompress(&cinfo);
235235

236236
const unsigned int row_stride = cinfo.output_width * cinfo.output_components;
237-
JOCTET *buf = new JOCTET[cinfo.output_width*cinfo.output_height*cinfo.output_components];
237+
const size_t siz = safe_size(cinfo.output_width,cinfo.output_height,1,cinfo.output_components);
238+
JOCTET *buf = new JOCTET[siz];
238239
const JOCTET *buf2 = buf;
239240
JSAMPROW row_pointer[1];
240241
while (cinfo.output_scanline < cinfo.output_height) {

0 commit comments

Comments
 (0)