Avoid potential division by zero when performing the check against multiplication overflow. (Note that if the width is zero then there can be no overflow anyway, so it is then safe to bypass the check.) Signed-off-by: Michael Brown <mcb30@ipxe.org>

il y a 7 ans · 966a960a83
--- a/src/core/pixbuf.c
+++ b/src/core/pixbuf.c
@@ -68,8 +68,10 @@ struct pixel_buffer * alloc_pixbuf ( unsigned int width, unsigned int height ) {
 
				
				 	pixbuf->len = ( width * height * sizeof ( uint32_t ) );
			
 
				
				 
			
 
				
				 	/* Check for multiplication overflow */
			
 
				
				-	if ( ( ( pixbuf->len / sizeof ( uint32_t ) ) / width ) != height )
			
 
				
				+	if ( ( width != 0 ) &&
			
 
				
				+	     ( ( pixbuf->len / sizeof ( uint32_t ) ) / width ) != height ) {
			
 
				
				 		goto err_overflow;
			
 
				
				+	}
			
 
				
				 
			
 
				
				 	/* Allocate pixel data buffer */
			
 
				
				 	pixbuf->data = umalloc ( pixbuf->len );