mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-12-29 14:14:45 +03:00
LibGfx: Prevent overflow when creating CMYKBitmaps
Fixes oss-fuzz issue 66629. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66629
This commit is contained in:
parent
40cf205c81
commit
0e20d51b0e
Notes:
sideshowbarker
2024-07-17 01:46:43 +09:00
Author: https://github.com/LucasChollet Commit: https://github.com/SerenityOS/serenity/commit/0e20d51b0e Pull-request: https://github.com/SerenityOS/serenity/pull/23505
@ -4,6 +4,7 @@
|
|||||||
* SPDX-License-Identifier: BSD-2-Clause
|
* SPDX-License-Identifier: BSD-2-Clause
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include <AK/Checked.h>
|
||||||
#include <LibGfx/CMYKBitmap.h>
|
#include <LibGfx/CMYKBitmap.h>
|
||||||
|
|
||||||
namespace Gfx {
|
namespace Gfx {
|
||||||
@ -11,7 +12,12 @@ namespace Gfx {
|
|||||||
ErrorOr<NonnullRefPtr<CMYKBitmap>> CMYKBitmap::create_with_size(IntSize const& size)
|
ErrorOr<NonnullRefPtr<CMYKBitmap>> CMYKBitmap::create_with_size(IntSize const& size)
|
||||||
{
|
{
|
||||||
VERIFY(size.width() >= 0 && size.height() >= 0);
|
VERIFY(size.width() >= 0 && size.height() >= 0);
|
||||||
auto data = TRY(ByteBuffer::create_uninitialized(size.width() * size.height() * sizeof(CMYK)));
|
Checked<int> final_size { size.width() };
|
||||||
|
final_size.mul(size.height());
|
||||||
|
final_size.mul(sizeof(CMYK));
|
||||||
|
if (final_size.has_overflow())
|
||||||
|
return Error::from_string_literal("Image dimensions cause an integer overflow");
|
||||||
|
auto data = TRY(ByteBuffer::create_uninitialized(final_size.value()));
|
||||||
return adopt_ref(*new CMYKBitmap(size, move(data)));
|
return adopt_ref(*new CMYKBitmap(size, move(data)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user