draw: add badrect() function to reject zero, negative size or orverly huge rectangles
not checking the rectangle dimensions causes integer overflows and memory corruption. adding a new badrect() function that checks for these cases.
This commit is contained in:
cinap_lenrek
parent
e36d9f5c4e
commit
202be57bb9
10 changed files with 42 additions and 8 deletions
22
sys/src/libdraw/badrect.c
Normal file
22
sys/src/libdraw/badrect.c
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
#include <u.h>
|
||||
#include <libc.h>
|
||||
#include <draw.h>
|
||||
|
||||
/*
|
||||
* check for zero, negative size or insanely huge rectangle.
|
||||
*/
|
||||
int
|
||||
badrect(Rectangle r)
|
||||
{
|
||||
int x, y;
|
||||
uint z;
|
||||
|
||||
x = Dx(r);
|
||||
y = Dy(r);
|
||||
if(x > 0 && y > 0){
|
||||
z = x*y;
|
||||
if(z/x == y && z < 0x10000000)
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue