Remove redundant post-multiplication overflow check and free the old buffer if

rootvector2 · rootvector2 · commit 25247b093c6f · 2026-02-06T08:46:07.000+05:30
avifAlloc() fails while resizing the array
diff --git a/src/utils.c b/src/utils.c
@@ -105,26 +105,22 @@ void * avifArrayPush(void * arrayStruct)
     if (arr->count == arr->capacity) {
         uint8_t * oldPtr = arr->ptr;
         size_t oldByteCount = (size_t)arr->elementSize * arr->capacity;
-        
+
         // Check for overflow before doubling the allocation size
         // If oldByteCount > SIZE_MAX/2, then oldByteCount * 2 would overflow
         if (oldByteCount > SIZE_MAX / 2) {
-            // Cannot safely double the allocation size
             return NULL;
         }
-        
+
         size_t newByteCount = oldByteCount * 2;
-        
-        // Additional safety check: verify the multiplication didn't overflow
-        if (newByteCount < oldByteCount) {
-            // Overflow occurred despite the check (shouldn't happen, but defense in depth)
-            return NULL;
-        }
-        
-        arr->ptr = (uint8_t *)avifAlloc(newByteCount);
-        if (arr->ptr == NULL) {
+
+        uint8_t * newPtr = (uint8_t *)avifAlloc(newByteCount);
+        if (newPtr == NULL) {
+            avifFree(oldPtr);
             return NULL;
         }
+
+        arr->ptr = newPtr;
         memset(arr->ptr + oldByteCount, 0, oldByteCount);
         memcpy(arr->ptr, oldPtr, oldByteCount);
         arr->capacity *= 2;
