Commit 6b506ed3970b98893d8da4b6db72189f39e3ec69
2023-06-01T13:11:14
tjexample.c: Prevent integer overflow Because width, height, and tjPixelSize[] are signed integers, signed integer overflow will occur if width * height * tjPixelSize[pixelFormat] > INT_MAX, which would cause an incorrect value to be passed to tj3Alloc(). This commit modifies tjexample.c in the following ways: - Implicitly promote width, height, and tjPixelSize[pixelFormat] to size_t before multiplying them. - Use malloc() rather than tj3Alloc() to allocate the uncompressed image buffer. (tj3Alloc() is only necessary for JPEG buffers that will potentially be reallocated by the TurboJPEG API library.) - If size_t is 32-bit, throw an error if width * height * tjPixelSize[pixelFormat] would overflow the data type. Since tjexample is not installed or packaged, the worst case for this issue was that a downstream application might interpret tjexample.c literally and introduce a similar overflow issue into its own code. However, it's worth noting that such issues could also be introduced when using malloc().