[cairo-bugs] [Bug 10730] potential controllable integer overflow in cairo-png.c
bugzilla-daemon at freedesktop.org
Mon Apr 23 17:15:30 PDT 2007
http://bugs.freedesktop.org/show_bug.cgi?id=10730
------- Comment #3 from cworth at cworth.org 2007-04-23 17:15 PST -------
(In reply to comment #2)
> I think what is meant is that "png_width * png_height * pixel_size" may
> overflow an integer.
Thanks for the explanation. This got mentioned to me as a potential security
bug so I kept reading overflow as overrun instead of as *overflow* for some
reason.
/me smacks forehead
So, do we do the multiply into a uint64_t, shift off 32 bits, and check that
it's zero? Or what's the best way to check for overflow here?
-Carl
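The two usual answers to the question above, as an added example that is not part of the original message and not cairo's code: widening to 64 bits and testing the high 32 bits, and a division-based check that needs no wider type. The function names and the 32-bit size limit are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not cairo API): computes width * height * pixel_size.
 * Returns 1 and stores the result in *out if it fits in 32 bits, else 0. */
int checked_image_size_u64(uint32_t width, uint32_t height,
                           uint32_t pixel_size, uint32_t *out)
{
    /* A 32x32 -> 64-bit multiply cannot overflow uint64_t. */
    uint64_t area = (uint64_t)width * height;
    if (area >> 32)
        return 0;
    /* area now fits in 32 bits, so area * pixel_size fits in 64 bits.
     * Checking only once after all three factors would miss a 64-bit wrap. */
    uint64_t bytes = area * pixel_size;
    if (bytes >> 32)
        return 0;
    *out = (uint32_t)bytes;
    return 1;
}

/* Same guarantee without a wider type: a * b overflows size_t
 * exactly when b != 0 and a > SIZE_MAX / b. */
int checked_image_size(size_t width, size_t height, size_t pixel_size,
                       size_t *out)
{
    if (height != 0 && width > SIZE_MAX / height)
        return 0;
    size_t area = width * height;
    if (pixel_size != 0 && area > SIZE_MAX / pixel_size)
        return 0;
    *out = area * pixel_size;
    return 1;
}

int main(void)
{
    uint32_t n = 0;
    /* Constructed sample dimensions: one ordinary image, one whose unchecked
     * 32-bit product would wrap to 0. */
    printf("640x480x4: ok=%d\n", checked_image_size_u64(640, 480, 4, &n));
    printf("bytes=%u\n", (unsigned)n);
    printf("65536x65536x4: ok=%d\n",
           checked_image_size_u64(0x10000, 0x10000, 4, &n));
    return 0;
}
```

Either check belongs before the allocation that uses the product, with a failed check treated as an invalid image.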