Merge remote-tracking branch 'goog/ics-aah'
diff --git a/pngrutil.c b/pngrutil.c
index dfa2c03..d67af58 100644
--- a/pngrutil.c
+++ b/pngrutil.c
@@ -380,8 +380,14 @@
{
/* Success (maybe) - really uncompress the chunk. */
png_size_t new_size = 0;
- png_charp text = png_malloc_warn(png_ptr,
- prefix_size + expanded_size + 1);
+ png_charp text = NULL;
+
+ /* Need to check for both truncation (64-bit) and integer overflow. */
+ if (prefix_size + expanded_size > prefix_size &&
+ prefix_size + expanded_size < 0xffffffffU)
+ {
+ text = png_malloc_warn(png_ptr, prefix_size + expanded_size + 1);
+ }
if (text != NULL)
{
