Module: wine Branch: master Commit: 538ef6a5e00b1aeff5c397cbc6dcc4f4d09fc723 URL: https://gitlab.winehq.org/wine/wine/-/commit/538ef6a5e00b1aeff5c397cbc6dcc4f...
Author: Esme Povirk esme@codeweavers.com Date: Sat Apr 27 16:32:11 2024 +0000
windowscodecs: Check for overflow in jpeg_decoder_initialize.
Wine-Bug: https://bugs.winehq.org/show_bug.cgi?id=56590
---
dlls/windowscodecs/libjpeg.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/dlls/windowscodecs/libjpeg.c b/dlls/windowscodecs/libjpeg.c index 3d8caac065c..22903ae4340 100644 --- a/dlls/windowscodecs/libjpeg.c +++ b/dlls/windowscodecs/libjpeg.c @@ -248,6 +248,10 @@ static HRESULT CDECL jpeg_decoder_initialize(struct decoder* iface, IStream *str This->stride = (This->frame.bpp * This->cinfo.output_width + 7) / 8; data_size = This->stride * This->cinfo.output_height;
+ if (data_size / This->stride < This->cinfo.output_height) + /* overflow in multiplication */ + return E_OUTOFMEMORY; + This->image_data = malloc(data_size); if (!This->image_data) return E_OUTOFMEMORY;