Commit db127ca6c for imagemagick.org
commit db127ca6c9f663bcb332e2d8a25ce389d7a41897
Author: Cristy <urban-warrior@imagemagick.org>
Date: Sat May 2 16:47:47 2026 -0400
slightly more robust overflow check
diff --git a/MagickCore/image-private.h b/MagickCore/image-private.h
index 2122074f5..81265022c 100644
--- a/MagickCore/image-private.h
+++ b/MagickCore/image-private.h
@@ -43,18 +43,12 @@ extern "C" {
#define LoadImageTag "Load/Image"
#define Magick2PI 6.28318530717958647692528676655900576839433879875020
#define MagickAbsoluteValue(x) ((x) < 0 ? -(x) : (x))
-#define MAGICK_INT_MAX (INT_MAX)
#define MagickPHI 1.61803398874989484820458683436563811772030917980576
#define MagickPI2 1.57079632679489661923132169163975144209858469968755
#define MagickPI 3.1415926535897932384626433832795028841971693993751058209749445923078164062
-#define MAGICK_PTRDIFF_MAX (PTRDIFF_MAX)
-#define MAGICK_PTRDIFF_MIN (-PTRDIFF_MAX-1)
#define MagickSQ1_2 0.70710678118654752440084436210484903928483593768847
#define MagickSQ2 1.41421356237309504880168872420969807856967187537695
#define MagickSQ2PI 2.50662827463100024161235523934010416269302368164062
-#define MAGICK_SIZE_MAX (SIZE_MAX)
-#define MAGICK_SSIZE_MAX (SSIZE_MAX)
-#define MAGICK_SSIZE_MIN (-SSIZE_MAX-1)
#define MAGICK_UCHAR_MAX (UCHAR_MAX)
#define MAGICK_UINT_MAX (UINT_MAX)
#define MAGICK_ULONG_MAX (ULONG_MAX)
diff --git a/MagickCore/memory_.h b/MagickCore/memory_.h
index 7db0ef473..24ebf6ffa 100644
--- a/MagickCore/memory_.h
+++ b/MagickCore/memory_.h
@@ -20,6 +20,17 @@
#include <errno.h>
+#define MAGICK_INT_MAX (INT_MAX)
+#define MAGICK_PTRDIFF_MAX (PTRDIFF_MAX)
+#define MAGICK_PTRDIFF_MIN (-PTRDIFF_MAX-1)
+#define MAGICK_SIZE_MAX (SIZE_MAX)
+#define MAGICK_SSIZE_MAX (SSIZE_MAX)
+#define MAGICK_SSIZE_MIN (-SSIZE_MAX-1)
+#define MAGICK_UCHAR_MAX (UCHAR_MAX)
+#define MAGICK_UINT_MAX (UINT_MAX)
+#define MAGICK_ULONG_MAX (ULONG_MAX)
+#define MAGICK_USHORT_MAX (USHRT_MAX)
+
#if defined(__cplusplus) || defined(c_plusplus)
extern "C" {
#endif
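Review bot: `MAGICK_UCHAR_MAX`, `MAGICK_UINT_MAX` and `MAGICK_ULONG_MAX` are added here while the image-private.h hunk keeps its own copies as context lines, so after this commit they are defined in two headers. Identical redefinitions compile, but the first edit to one copy turns into a redefinition diagnostic, so I would drop the three lines from one of the headers. Separately, the inline overflow checks further down this file now expand `MAGICK_SIZE_MAX`, so `SIZE_MAX` has to be defined wherever this header is parsed. Only `#include <errno.h>` is visible in the hunk; if nothing above it already pulls them in, add `#include <limits.h>` and `#include <stdint.h>` next to it so the overflow guard does not depend on include order in the caller.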
@@ -73,7 +84,7 @@ static inline MagickBooleanType HeapOverflowSanityCheck(
{
if ((count == 0) || (quantum == 0))
return(MagickTrue);
- if (quantum != ((count*quantum)/count))
+ if (count > (MAGICK_SIZE_MAX/quantum))
{
errno=ENOMEM;
return(MagickTrue);
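Review bot: The new guard `count > (MAGICK_SIZE_MAX/quantum)` is only safe because the `quantum == 0` return two lines above it runs first, and nothing in the code says so. I would add a comment on the guard, for example `/* quantum != 0 here (checked above); count*quantum fits in size_t iff count <= SIZE_MAX/quantum */`, so a later reordering does not introduce a division by zero. It is also worth documenting that the zero-size return yields `MagickTrue` without touching `errno` while the overflow return sets `ENOMEM`, so a caller that inspects `errno` after a `MagickTrue` result may see a stale value. The function's signature and closing lines are outside the hunk.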
@@ -84,19 +95,15 @@ static inline MagickBooleanType HeapOverflowSanityCheck(
static inline MagickBooleanType HeapOverflowSanityCheckGetSize(
const size_t count,const size_t quantum,size_t *const extent)
{
- size_t
- length;
-
if ((count == 0) || (quantum == 0))
return(MagickTrue);
- length=count*quantum;
- if (quantum != (length/count))
+ if (count > (MAGICK_SIZE_MAX/quantum))
{
errno=ENOMEM;
return(MagickTrue);
}
if (extent != NULL)
- *extent=length;
+ *extent=count*quantum;
return(MagickFalse);
}
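Review bot: On both `MagickTrue` returns (zero `count` or `quantum`, and overflow) `*extent` is never written, so a caller that passes an uninitialized `size_t` and uses it without checking the result would size an allocation or a copy from an indeterminate value. Writing a defined value first, `if (extent != NULL) *extent=0;` ahead of the zero check, makes that failure mode harmless; at minimum the contract should be stated in a comment above the function. The guard is now identical to the one in HeapOverflowSanityCheck, so that function could reduce to `return(HeapOverflowSanityCheckGetSize(count,quantum,NULL));` if the definition order is swapped, which keeps the overflow test in one place.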