From d20ec50b403ce9c4054390038c2971ecbe0cd905 Mon Sep 17 00:00:00 2001
From: orbisai0security <mediratta01.pally@gmail.com>
Date: Tue, 12 May 2026 10:55:17 +0000
Subject: [PATCH] fix: V-001 security vulnerability

Automated security fix generated by Orbis Security AI
---
 src/bmms.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/bmms.c b/src/bmms.c
index 04030cd7..6378f969 100644
--- a/src/bmms.c
+++ b/src/bmms.c
@@ -158,9 +158,9 @@ static void median_filter_vec(float *y, float *x, int w, int h, int pd, int rad)
 static void vector_median_filter_inline(float *x, int w, int h, int pd, int rad)
 {
 	fprintf(stderr, "mfilter %d %d\n", w, h);
-	float *tmp = xmalloc(w * h * pd * sizeof*tmp);
+	float *tmp = xmalloc((size_t)w * h * pd * sizeof*tmp);
 	median_filter_vec(tmp, x, w, h, pd, rad);
-	memcpy(x, tmp, w * h * pd * sizeof*tmp);
+	memcpy(x, tmp, (size_t)w * h * pd * sizeof*tmp);
 	free(tmp);
 }
 
@@ -291,9 +291,9 @@ void bmms_rec(float *out, float *a, float *b,
 	if (scale > 1) {
 		int ws = ceil(w/2.0);
 		int hs = ceil(h/2.0);
-		float *As = malloc(ws * hs * pd * sizeof*As);
-		float *Bs = malloc(ws * hs * pd * sizeof*Bs);
-		float *Os = malloc(ws * hs * 2  * sizeof*Os);
+		float *As = xmalloc((size_t)ws * hs * pd * sizeof*As);
+		float *Bs = xmalloc((size_t)ws * hs * pd * sizeof*Bs);
+		float *Os = xmalloc((size_t)ws * hs * 2  * sizeof*Os);
 		zoom_out_by_factor_two(As, ws, hs, a, w, h, pd);
 		zoom_out_by_factor_two(Bs, ws, hs, b, w, h, pd);
 		bmms_rec(Os, As, Bs, ws, hs, pd, wrad, mrad, scale - 1, e);