Module: wine Branch: master Commit: 538ef6a5e00b1aeff5c397cbc6dcc4f4d09fc723 URL: https://gitlab.winehq.org/wine/wine/-/commit/538ef6a5e00b1aeff5c397cbc6dcc4f... Author: Esme Povirk <esme(a)codeweavers.com> Date: Sat Apr 27 16:32:11 2024 +0000 windowscodecs: Check for overflow in jpeg_decoder_initialize. Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=56590 --- dlls/windowscodecs/libjpeg.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/dlls/windowscodecs/libjpeg.c b/dlls/windowscodecs/libjpeg.c index 3d8caac065c..22903ae4340 100644 --- a/dlls/windowscodecs/libjpeg.c +++ b/dlls/windowscodecs/libjpeg.c @@ -248,6 +248,10 @@ static HRESULT CDECL jpeg_decoder_initialize(struct decoder* iface, IStream *str This->stride = (This->frame.bpp * This->cinfo.output_width + 7) / 8; data_size = This->stride * This->cinfo.output_height; + if (data_size / This->stride < This->cinfo.output_height) + /* overflow in multiplication */ + return E_OUTOFMEMORY; + This->image_data = malloc(data_size); if (!This->image_data) return E_OUTOFMEMORY;