Security fix for overflow check.

Bug: 35196925 Test: Run the globe live wallpaper and verify it shows the same clouds as in Google Maps Change-Id: I7dafb10d3114298ae27360379197a5cbc5ffb2c6
author: Winson Chung <winsonc@google.com> 2017-02-15 08:34:20 -0800
committer: Winson Chung <winsonc@google.com> 2017-02-15 18:05:41 +0000
commit: ebb6f04c8857930bd767dc7806f9c5c7a2dc910f (patch)
tree: 87d2a0b919a243e55e42e35673a8f370c750ae25
parent: a389af217e94e3adf599b1b741c0f1b344537f98 (diff)
download: libgdx-ebb6f04c8857930bd767dc7806f9c5c7a2dc910f.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/gdx/jni/gdx2d/stb_image.h b/gdx/jni/gdx2d/stb_image.h
index cf9ab59c2..d91b308af 100644
--- a/gdx/jni/gdx2d/stb_image.h
+++ b/gdx/jni/gdx2d/stb_image.h
@@ -4460,7 +4460,7 @@ static int stbi__parse_png_file(stbi__png *z, int scan, int req_comp)
                 return stbi__err("Bad x","Bad x");
             // initial guess for decoded data size to avoid unnecessary reallocs
             bpl = (s->img_x * depth + 7) / 8; // bytes per line, per component
-            if (bpl > (INT_MAX - s->img_y) / bpl / s->img_y)
+            if (bpl > (INT_MAX - s->img_y) / s->img_n / s->img_y)
                 return stbi__err("Integer Overflow","y incorrect");
             raw_len = bpl * s->img_y * s->img_n /* pixels */ + s->img_y /* filter mode per row */;
             z->expanded = (stbi_uc *) stbi_zlib_decode_malloc_guesssize_headerflag((char *) z->idata, ioff, raw_len, (int *) &raw_len, !is_iphone);
author	Winson Chung <winsonc@google.com>	2017-02-15 08:34:20 -0800
committer	Winson Chung <winsonc@google.com>	2017-02-15 18:05:41 +0000
commit	ebb6f04c8857930bd767dc7806f9c5c7a2dc910f (patch)
tree	87d2a0b919a243e55e42e35673a8f370c750ae25
parent	a389af217e94e3adf599b1b741c0f1b344537f98 (diff)
download	libgdx-ebb6f04c8857930bd767dc7806f9c5c7a2dc910f.tar.gz