diff options
author | Kinan Hakim <kinan@google.com> | 2016-02-01 10:57:23 +0100 |
---|---|---|
committer | Kinan Hakim <kinan@google.com> | 2016-02-01 10:57:23 +0100 |
commit | f993c498090655d965c28ca56f275bfaa2b05ace (patch) | |
tree | f8125a29deb64b3b0c0bdb93c4bb2dba0ce76691 | |
parent | 00a8925eb31ca5d88244f0861fb9b22792ea0df4 (diff) | |
download | dng_sdk-f993c498090655d965c28ca56f275bfaa2b05ace.tar.gz |
Fix integer overflow in dng_bad_pixels.cpp
-rw-r--r-- | source/dng_bad_pixels.cpp | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/source/dng_bad_pixels.cpp b/source/dng_bad_pixels.cpp index 77012a4..36c1991 100644 --- a/source/dng_bad_pixels.cpp +++ b/source/dng_bad_pixels.cpp @@ -20,6 +20,7 @@ #include "dng_host.h"
#include "dng_image.h"
#include "dng_negative.h"
+#include "dng_safe_arithmetic.h"
#include <algorithm>
@@ -589,11 +590,6 @@ dng_opcode_FixBadPixelsList::dng_opcode_FixBadPixelsList /*****************************************************************************/
-#if defined(__clang__) && defined(__has_attribute)
-#if __has_attribute(no_sanitize)
-__attribute__((no_sanitize("unsigned-integer-overflow")))
-#endif
-#endif
dng_opcode_FixBadPixelsList::dng_opcode_FixBadPixelsList (dng_stream &stream)
: dng_filter_opcode (dngOpcode_FixBadPixelsList,
@@ -612,8 +608,9 @@ dng_opcode_FixBadPixelsList::dng_opcode_FixBadPixelsList (dng_stream &stream) uint32 pCount = stream.Get_uint32 ();
uint32 rCount = stream.Get_uint32 ();
-
- if (size != 12 + pCount * 8 + rCount * 16)
+ uint32 expectedSize =
+ SafeUint32Add(12, SafeUint32Add(SafeUint32Mult(pCount, 8), SafeUint32Mult(rCount, 16)));
+ if (size != expectedSize)
{
ThrowBadFormat ();
}
|