Skip to content

Commit

Permalink
LibGfx: Eliminate multiplication integer overflow in planar_to_chunky
Browse files Browse the repository at this point in the history 
Multiplying two u16s will result in a i32 sized result, which will
overflow to negative values for large input values.

Fixes ossfuzz-64198.
  • Loading branch information
@IdanHo @awesomekling
IdanHo authored and awesomekling committed Dec 2, 2023
1 parent e1b438b commit 1a35621
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Userland/Libraries/LibGfx/ImageFormats/ILBMLoader.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ static ErrorOr<ByteBuffer> planar_to_chunky(ReadonlyBytes bitplanes, ILBMLoading
auto chunky = TRY(ByteBuffer::create_zeroed(static_cast<size_t>(width) * height));

for (u16 y = 0; y < height; y++) {
size_t scanline = y * width;
size_t scanline = static_cast<size_t>(y) * width;
for (u8 p = 0; p < planes; p++) {
u8 const plane_mask = 1 << p;
size_t offset_base = (pitch * planes * y) + (p * pitch);
Expand Down

0 comments on commit 1a35621

Please sign in to comment.