Browse Source

dither: fix integer overflows that were causing a division by zero.

Fixes: #36 (CVE-2018-20544)
tags/v0.99.beta20
Sam Hocevar 6 years ago
parent
commit
84bd155087
1 changed files with 8 additions and 8 deletions
  1. +8
    -8
      caca/dither.c

+ 8
- 8
caca/dither.c View File

@@ -991,10 +991,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h,
/* First get RGB */
if(d->antialias)
{
fromx = (x - x1) * w / deltax;
fromy = (y - y1) * h / deltay;
tox = (x - x1 + 1) * w / deltax;
toy = (y - y1 + 1) * h / deltay;
fromx = (uint64_t)(x - x1) * w / deltax;
fromy = (uint64_t)(y - y1) * h / deltay;
tox = (uint64_t)(x - x1 + 1) * w / deltax;
toy = (uint64_t)(y - y1 + 1) * h / deltay;

/* We want at least one pixel */
if(tox == fromx) tox++;
@@ -1017,10 +1017,10 @@ int caca_dither_bitmap(caca_canvas_t *cv, int x, int y, int w, int h,
}
else
{
fromx = (x - x1) * w / deltax;
fromy = (y - y1) * h / deltay;
tox = (x - x1 + 1) * w / deltax;
toy = (y - y1 + 1) * h / deltay;
fromx = (uint64_t)(x - x1) * w / deltax;
fromy = (uint64_t)(y - y1) * h / deltay;
tox = (uint64_t)(x - x1 + 1) * w / deltax;
toy = (uint64_t)(y - y1 + 1) * h / deltay;

/* tox and toy can overflow the canvas, but they cannot overflow
* when averaged with fromx and fromy because these are guaranteed


Loading…
Cancel
Save