ref: a08d35b9f9c3ee075b823fa57d37ecbcc71aae97
parent: 59be9fea452d6079836e8fd6e3ae9e79c6dddcf4
author: Sebastian Rasmussen <[email protected]>
date: Tue Mar 5 13:09:20 EST 2019
jbig2dec: Fix bug where realloc returns NULL.
--- a/jbig2_image.c
+++ b/jbig2_image.c
@@ -110,6 +110,8 @@
jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height, int value)
{
if (width == image->width) {
+ uint8_t *data;
+
/* check for integer multiplication overflow */
if (image->height > (INT32_MAX / image->stride)) {
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "integer multiplication overflow during resize (stride=%u, height=%u)", image->stride, height);
@@ -116,11 +118,12 @@
return NULL;
}
/* use the same stride, just change the length */
- image->data = jbig2_renew(ctx, image->data, uint8_t, (size_t) height * image->stride);
- if (image->data == NULL) {
+ data = jbig2_renew(ctx, image->data, uint8_t, (size_t) height * image->stride);
+ if (data == NULL) {
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "failed to reallocate image");
return NULL;
}
+ image->data = data;
if (height > image->height) {
const uint8_t fill = value ? 0xFF : 0x00;
memset(image->data + (size_t) image->height * image->stride, fill, ((size_t) height - image->height) * image->stride);