首頁 探索 說明
登入
c
/
stb
镜像来自 https://github.com/nothings/stb.git
2
0
複刻 0
Files 問題管理 0 Wiki
瀏覽代碼

fix integer arithmetic in stbi__zexpand()

Randy 5 年之前
父節點
b09cb2c6f5
當前提交
29d639546d
共有 1 個文件被更改,包括 7 次插入4 次删除
分割檢視 顯示文件統計
  1. 7 4
      stb_image.h

+ 7 - 4
stb_image.h
查看文件 

@@ -4130,13 +4130,16 @@ stbi_inline static int stbi__zhuffman_decode(stbi__zbuf *a, stbi__zhuffman *z)
 
 static int stbi__zexpand(stbi__zbuf *z, char *zout, int n)  // need to make room for n bytes
 
 {
 
    char *q;
 
-   int cur, limit, old_limit;
 
+   unsigned int cur, limit, old_limit;
 
    z->zout = zout;
 
    if (!z->z_expandable) return stbi__err("output buffer limit","Corrupt PNG");
 
-   cur   = (int) (z->zout     - z->zout_start);
 
-   limit = old_limit = (int) (z->zout_end - z->zout_start);
 
-   while (cur + n > limit)
 
+   cur   = (unsigned int) (z->zout - z->zout_start);
 
+   limit = old_limit = (unsigned) (z->zout_end - z->zout_start);
 
+   if(UINT_MAX - cur < n) return stbi__err("outofmem", "Out of memory");
 
+   while (cur + n > limit) {
 
+      if(limit > UINT_MAX / 2) return stbi__err("outofmem", "Out of memory");
 
       limit *= 2;
 
+   }
 
    q = (char *) STBI_REALLOC_SIZED(z->zout_start, old_limit, limit);
 
    STBI_NOTUSED(old_limit);
 
    if (q == NULL) return stbi__err("outofmem", "Out of memory");