Skip to content

Commit

Permalink
Use CImg::safe_size to prevent integer overflow in get_load_jpeg_buffer
Browse files Browse the repository at this point in the history
  • Loading branch information
@AlexSutila
AlexSutila committed Jul 2, 2024
1 parent 40d7904 commit 53c020f
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion plugins/jpeg_buffer.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -234,7 +234,8 @@ static CImg get_load_jpeg_buffer(const JOCTET *const buffer, const unsigned buff
jpeg_start_decompress(&cinfo);

const unsigned int row_stride = cinfo.output_width * cinfo.output_components;
JOCTET *buf = new JOCTET[cinfo.output_width*cinfo.output_height*cinfo.output_components];
const size_t siz = safe_size(cinfo.output_width,cinfo.output_height,1,cinfo.output_components);
JOCTET *buf = new JOCTET[siz];
const JOCTET *buf2 = buf;
JSAMPROW row_pointer[1];
while (cinfo.output_scanline < cinfo.output_height) {
Expand Down

0 comments on commit 53c020f

Please sign in to comment.