|
Packit Service |
df60bb |
/*
|
|
Packit Service |
df60bb |
* gd_security.c
|
|
Packit Service |
df60bb |
*
|
|
Packit Service |
df60bb |
* Implements buffer overflow check routines.
|
|
Packit Service |
df60bb |
*
|
|
Packit Service |
df60bb |
* Written 2004, Phil Knirsch.
|
|
Packit Service |
df60bb |
* Based on netpbm fixes by Alan Cox.
|
|
Packit Service |
df60bb |
*
|
|
Packit Service |
df60bb |
*/
|
|
Packit Service |
df60bb |
|
|
Packit Service |
df60bb |
#ifdef HAVE_CONFIG_H
|
|
Packit Service |
df60bb |
#include "config.h"
|
|
Packit Service |
df60bb |
#endif
|
|
Packit Service |
df60bb |
|
|
Packit Service |
df60bb |
#include <stdio.h>
|
|
Packit Service |
df60bb |
#include <stdlib.h>
|
|
Packit Service |
df60bb |
#include <limits.h>
|
|
Packit Service |
df60bb |
#include "gd.h"
|
|
Packit Service |
df60bb |
#include "gd_errors.h"
|
|
Packit Service |
df60bb |
|
|
Packit Service |
df60bb |
int overflow2(int a, int b)
|
|
Packit Service |
df60bb |
{
|
|
Packit Service |
df60bb |
if(a <= 0 || b <= 0) {
|
|
Packit Service |
df60bb |
gd_error_ex(GD_WARNING, "one parameter to a memory allocation multiplication is negative or zero, failing operation gracefully\n");
|
|
Packit Service |
df60bb |
return 1;
|
|
Packit Service |
df60bb |
}
|
|
Packit Service |
df60bb |
if(a > INT_MAX / b) {
|
|
Packit Service |
df60bb |
gd_error_ex(GD_WARNING, "product of memory allocation multiplication would exceed INT_MAX, failing operation gracefully\n");
|
|
Packit Service |
df60bb |
return 1;
|
|
Packit Service |
df60bb |
}
|
|
Packit Service |
df60bb |
return 0;
|
|
Packit Service |
df60bb |
}
|