|
Packit |
ed3af9 |
/*
|
|
Packit |
ed3af9 |
* gd_security.c
|
|
Packit |
ed3af9 |
*
|
|
Packit |
ed3af9 |
* Implements buffer overflow check routines.
|
|
Packit |
ed3af9 |
*
|
|
Packit |
ed3af9 |
* Written 2004, Phil Knirsch.
|
|
Packit |
ed3af9 |
* Based on netpbm fixes by Alan Cox.
|
|
Packit |
ed3af9 |
*
|
|
Packit |
ed3af9 |
*/
|
|
Packit |
ed3af9 |
|
|
Packit |
ed3af9 |
#ifdef HAVE_CONFIG_H
|
|
Packit |
ed3af9 |
#include "config.h"
|
|
Packit |
ed3af9 |
#endif
|
|
Packit |
ed3af9 |
|
|
Packit |
ed3af9 |
#include <stdio.h>
|
|
Packit |
ed3af9 |
#include <stdlib.h>
|
|
Packit |
ed3af9 |
#include <limits.h>
|
|
Packit |
ed3af9 |
#include "gd.h"
|
|
Packit |
ed3af9 |
#include "gd_errors.h"
|
|
Packit |
ed3af9 |
|
|
Packit |
ed3af9 |
int overflow2(int a, int b)
|
|
Packit |
ed3af9 |
{
|
|
Packit |
ed3af9 |
if(a <= 0 || b <= 0) {
|
|
Packit |
ed3af9 |
gd_error_ex(GD_WARNING, "one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully\n");
|
|
Packit |
ed3af9 |
return 1;
|
|
Packit |
ed3af9 |
}
|
|
Packit |
ed3af9 |
if(a > INT_MAX / b) {
|
|
Packit |
ed3af9 |
gd_error_ex(GD_WARNING, "product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
|
|
Packit |
ed3af9 |
return 1;
|
|
Packit |
ed3af9 |
}
|
|
Packit |
ed3af9 |
return 0;
|
|
Packit |
ed3af9 |
}
|