Security fix for overflow check. am: ebb6f04c88 am: d44ed48f0c

am: 948dd5fa71 Change-Id: I6960c5eabec2182b983c0876e53d7db1bf2692e3
author: Winson Chung <winsonc@google.com> 2017-02-15 20:16:27 +0000
committer: android-build-merger <android-build-merger@google.com> 2017-02-15 20:16:27 +0000
commit: 81fed39da361ba3d8bfa8e346aa5d5b59d9fe506 (patch)
tree: 87d2a0b919a243e55e42e35673a8f370c750ae25
parent: ee380123ca6d487b5ce2737ef0c75f8efcd557ba (diff)
parent: 948dd5fa710343070ba21fa1c011df653ab23a8c (diff)
download: libgdx-81fed39da361ba3d8bfa8e346aa5d5b59d9fe506.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/gdx/jni/gdx2d/stb_image.h b/gdx/jni/gdx2d/stb_image.h
index cf9ab59c2..d91b308af 100644
--- a/gdx/jni/gdx2d/stb_image.h
+++ b/gdx/jni/gdx2d/stb_image.h
@@ -4460,7 +4460,7 @@ static int stbi__parse_png_file(stbi__png *z, int scan, int req_comp)
                 return stbi__err("Bad x","Bad x");
             // initial guess for decoded data size to avoid unnecessary reallocs
             bpl = (s->img_x * depth + 7) / 8; // bytes per line, per component
-            if (bpl > (INT_MAX - s->img_y) / bpl / s->img_y)
+            if (bpl > (INT_MAX - s->img_y) / s->img_n / s->img_y)
                 return stbi__err("Integer Overflow","y incorrect");
             raw_len = bpl * s->img_y * s->img_n /* pixels */ + s->img_y /* filter mode per row */;
             z->expanded = (stbi_uc *) stbi_zlib_decode_malloc_guesssize_headerflag((char *) z->idata, ioff, raw_len, (int *) &raw_len, !is_iphone);
author	Winson Chung <winsonc@google.com>	2017-02-15 20:16:27 +0000
committer	android-build-merger <android-build-merger@google.com>	2017-02-15 20:16:27 +0000
commit	81fed39da361ba3d8bfa8e346aa5d5b59d9fe506 (patch)
tree	87d2a0b919a243e55e42e35673a8f370c750ae25
parent	ee380123ca6d487b5ce2737ef0c75f8efcd557ba (diff)
parent	948dd5fa710343070ba21fa1c011df653ab23a8c (diff)
download	libgdx-81fed39da361ba3d8bfa8e346aa5d5b59d9fe506.tar.gz