The allocation strategy for the framebuffer is the "array2" method from
c-faq: an array of row pointers into a single large array containing all
rows. This was not being freed correctly in the case with 0 rows, since
there would be no pointer to the row data at all in order to free it.
Fix that up by simply allocating a 1x1 framebuffer when it would
otherwise be empty. While we're at it, also add an overflow check
on the multiplication.
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <errno.h>
#include "pack.h"
#include <errno.h>
#include "pack.h"
unsigned char **new, *tmp;
size_t i;
unsigned char **new, *tmp;
size_t i;
+ if (height > SIZE_MAX / sizeof *new) {
+ lbx_error_raise(LBX_ENOMEM);
+ return NULL;
+ }
+
+ /* Ensure that there is at least one row in the framebuffer. */
+ if (height == 0 || width == 0)
+ width = height = 1;
+
tmp = calloc(height, width);
if (!tmp) {
lbx_error_raise(LBX_ENOMEM);
tmp = calloc(height, width);
if (!tmp) {
lbx_error_raise(LBX_ENOMEM);
plan_ 2
dx_create_testdir
plan_ 2
dx_create_testdir
-command_ok_ "decoding image-0x0" -D TODO \
- $LBXIMG -F pbm -dnf "$testdata/image-0x0"
+command_ok_ "decoding image-0x0" $LBXIMG -F pbm -dnf "$testdata/image-0x0"
check_output() {
diff out.000.pbm - 1>&2 <<'EOF'
check_output() {
diff out.000.pbm - 1>&2 <<'EOF'