mirror of
https://github.com/RGBCube/serenity
synced 2025-05-31 12:48:10 +00:00
LibGfx: Prevent overflow when creating CMYKBitmaps
Fixes oss-fuzz issue 66629. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66629
This commit is contained in:
Lucas CHOLLET
Tim Flynn
parent
40cf205c81
commit
0e20d51b0e
1 changed files with 7 additions and 1 deletions
|
|
@ -4,6 +4,7 @@
|
||||||
* SPDX-License-Identifier: BSD-2-Clause
|
* SPDX-License-Identifier: BSD-2-Clause
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
#include <AK/Checked.h>
|
||||||
#include <LibGfx/CMYKBitmap.h>
|
#include <LibGfx/CMYKBitmap.h>
|
||||||
|
|
||||||
namespace Gfx {
|
namespace Gfx {
|
||||||
|
|
@ -11,7 +12,12 @@ namespace Gfx {
|
||||||
ErrorOr<NonnullRefPtr<CMYKBitmap>> CMYKBitmap::create_with_size(IntSize const& size)
|
ErrorOr<NonnullRefPtr<CMYKBitmap>> CMYKBitmap::create_with_size(IntSize const& size)
|
||||||
{
|
{
|
||||||
VERIFY(size.width() >= 0 && size.height() >= 0);
|
VERIFY(size.width() >= 0 && size.height() >= 0);
|
||||||
auto data = TRY(ByteBuffer::create_uninitialized(size.width() * size.height() * sizeof(CMYK)));
|
Checked<int> final_size { size.width() };
|
||||||
|
final_size.mul(size.height());
|
||||||
|
final_size.mul(sizeof(CMYK));
|
||||||
|
if (final_size.has_overflow())
|
||||||
|
return Error::from_string_literal("Image dimensions cause an integer overflow");
|
||||||
|
auto data = TRY(ByteBuffer::create_uninitialized(final_size.value()));
|
||||||
return adopt_ref(*new CMYKBitmap(size, move(data)));
|
return adopt_ref(*new CMYKBitmap(size, move(data)));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue