LadybirdBrowser/ladybird
1
1
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-12-28 21:54:40 +03:00
Code Issues Packages Projects Releases Wiki Activity

LibGfx: Prevent overflow when creating CMYKBitmaps

Browse Source 
Fixes oss-fuzz issue 66629.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66629
This commit is contained in:
Lucas CHOLLET 2024-03-06 22:15:00 -05:00 committed by Tim Flynn
parent 40cf205c81
commit 0e20d51b0e
Notes: sideshowbarker 2024-07-17 01:46:43 +09:00 
Author: https://github.com/LucasChollet
Commit: https://github.com/SerenityOS/serenity/commit/0e20d51b0e
Pull-request: https://github.com/SerenityOS/serenity/pull/23505
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
Userland/Libraries/LibGfx/CMYKBitmap.cpp
View File

@ -4,6 +4,7 @@
* SPDX-License-Identifier: BSD-2-Clause * SPDX-License-Identifier: BSD-2-Clause
*/ */
#include <AK/Checked.h>
#include <LibGfx/CMYKBitmap.h> #include <LibGfx/CMYKBitmap.h>
namespace Gfx { namespace Gfx {
@ -11,7 +12,12 @@ namespace Gfx {
ErrorOr<NonnullRefPtr<CMYKBitmap>> CMYKBitmap::create_with_size(IntSize const& size) ErrorOr<NonnullRefPtr<CMYKBitmap>> CMYKBitmap::create_with_size(IntSize const& size)
{ {
VERIFY(size.width() >= 0 && size.height() >= 0); VERIFY(size.width() >= 0 && size.height() >= 0);
auto data = TRY(ByteBuffer::create_uninitialized(size.width() * size.height() * sizeof(CMYK))); Checked<int> final_size { size.width() };
final_size.mul(size.height());
final_size.mul(sizeof(CMYK));
if (final_size.has_overflow())
return Error::from_string_literal("Image dimensions cause an integer overflow");
auto data = TRY(ByteBuffer::create_uninitialized(final_size.value()));
return adopt_ref(*new CMYKBitmap(size, move(data))); return adopt_ref(*new CMYKBitmap(size, move(data)));
} }