prevent to access heap overflow

saitoha · Jul 24, 2019 · 614e761 · 614e761
1 parent 2df6437
commit 614e761
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/fromsixel.c b/src/fromsixel.c
@@ -884,7 +884,10 @@ sixel_decode_raw(
     }
 
     *ncolors = image.ncolors + 1;
-    *palette = (unsigned char *)sixel_allocator_malloc(allocator, (size_t)(*ncolors * 3));
+    int alloc_size = *ncolors;
+    if (alloc_size < 256) // memory access range should be 0 <= 255 (in write_png_to_file)
+        alloc_size = 256;
+    *palette = (unsigned char *)sixel_allocator_malloc(allocator, (size_t)(alloc_size * 3));
     if (palette == NULL) {
         sixel_allocator_free(allocator, image.data);
         sixel_helper_set_additional_message(