From 3cbc908a6ed8a4168a8c59476bbf93cf272d5c6e Mon Sep 17 00:00:00 2001
From: Bastien Nocera
Date: Thu, 6 Dec 2018 10:58:35 +0100
Subject: [PATCH] lib: Add better guard against huge malloc See dda6857feef60694dac1493b3860a64e4fa5f8f3 and https://bugzilla.redhat.com/show_bug.cgi?id=1656518 When the number of lines to assemble is 1, the median_filter() function would be passed -1 as its size as it was calculated with: (num_lines / 2) - 1 so (1 / 2) - 1 = 0 - 1 = -1 Add a guard to stop drivers trying to assemble single lines. This doesn't however fix the vfs5011 driver that tried to do that.
---
 libfprint/fpi-assembling.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libfprint/fpi-assembling.c b/libfprint/fpi-assembling.c
index 3eabb4d..e33dafe 100644
--- a/libfprint/fpi-assembling.c
+++ b/libfprint/fpi-assembling.c
@@ -419,7 +419,7 @@ struct fp_img *fpi_assemble_lines(struct fpi_line_asmbl_ctx *ctx,
 struct fp_img *img;
 g_return_val_if_fail (lines != NULL, NULL);
- g_return_val_if_fail (num_lines > 0, NULL);
+ g_return_val_if_fail (num_lines >= 2, NULL);
 fp_dbg("%"G_GINT64_FORMAT, g_get_real_time());
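Review bot: The new `num_lines >= 2` bound is enforced only through `g_return_val_if_fail()`, a GLib precondition macro that is compiled out when the library is built with `G_DISABLE_CHECKS`, so in such a build a single-line capture would again reach the `(num_lines / 2) - 1` size computation described in the commit message. The count presumably reflects what the sensor driver collected rather than a programming error, so an unconditional test such as `if (num_lines < 2) return NULL;` would keep the guard in every build configuration. A short comment next to it, for example `/* median_filter() is given (num_lines / 2) - 1, which is -1 for a single line */`, would record why the bound is 2 and not 1. The body of fpi_assemble_lines() starts and ends outside this hunk, so whether anything is sized from num_lines before these checks run cannot be confirmed from here.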