diff options
author | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2007-12-09 18:23:34 +0000 |
---|---|---|
committer | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2007-12-09 18:23:34 +0000 |
commit | aefcdcb26e6f076ece01d3af35e4a004ab105bff (patch) | |
tree | 07436bdbccefd7dbdaf7705b6e29d942d527a7a2 | |
parent | e254440851e0631df7ef235027e0ce8c427c61e9 (diff) | |
download | netpbm-mirror-aefcdcb26e6f076ece01d3af35e4a004ab105bff.tar.gz netpbm-mirror-aefcdcb26e6f076ece01d3af35e4a004ab105bff.tar.xz netpbm-mirror-aefcdcb26e6f076ece01d3af35e4a004ab105bff.zip |
fix arithmetic overflow
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@484 9d0c8265-081b-0410-96cb-a4ca84ce46f8
-rw-r--r-- | doc/HISTORY | 7 | ||||
-rw-r--r-- | editor/pnmcat.c | 16 |
2 files changed, 20 insertions, 3 deletions
diff --git a/doc/HISTORY b/doc/HISTORY index 10ad691f..006b5d80 100644 --- a/doc/HISTORY +++ b/doc/HISTORY @@ -28,6 +28,13 @@ not yet BJH Release 10.41.00 pnmcrop: fix -verbose message about background color with -white. + pbmmake: handle ridiculously large height, width arguments. + + pnmcat: fix arithmetic overflow. + + libnetpbm: Add arithmetic overflow protection to PBM + routines, like PGM/PPM/PNM have had for a long time. + libnetpbm: make all row free operations go through pm_freerow(); change row buffer type from char * to void * for pm_allocrow(), pm_freerow(). diff --git a/editor/pnmcat.c b/editor/pnmcat.c index 20dbf34d..cc86520f 100644 --- a/editor/pnmcat.c +++ b/editor/pnmcat.c @@ -155,7 +155,7 @@ computeOutputParms(unsigned int const nfiles, xelval * const newmaxvalP, int * const newformatP) { - int newcols, newrows; + double newcols, newrows; int newformat; xelval newmaxval; @@ -187,8 +187,18 @@ computeOutputParms(unsigned int const nfiles, break; } } - *newrowsP = newrows; - *newcolsP = newcols; + + /* Note that while 'double' is not in general a precise numerical type, + in the case of a sum of integers which is less than INT_MAX, it + is exact, because double's precision is greater than int's. + */ + if (newcols > INT_MAX) + pm_error("Output width too large: %.0f.", newcols); + if (newrows > INT_MAX) + pm_error("Output height too large: %.0f.", newrows); + + *newrowsP = (int) newrows; + *newcolsP = (int) newcols; *newmaxvalP = newmaxval; *newformatP = newformat; } |