about summary refs log tree commit diff
diff options
context:
space:
mode:
authorgiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2021-11-06 00:56:52 +0000
committergiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2021-11-06 00:56:52 +0000
commit1521736d42c031d6e2f48a1ba0f22d694400118d (patch)
tree43dd90e85949b0191184397b8e1d073fdbd448eb
parent38243fe783f754d9723f23b797f1b9eda2ba429f (diff)
downloadnetpbm-mirror-1521736d42c031d6e2f48a1ba0f22d694400118d.tar.gz
netpbm-mirror-1521736d42c031d6e2f48a1ba0f22d694400118d.tar.xz
netpbm-mirror-1521736d42c031d6e2f48a1ba0f22d694400118d.zip
Add comment
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@4169 9d0c8265-081b-0410-96cb-a4ca84ce46f8
-rw-r--r--lib/pbm.h13
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/pbm.h b/lib/pbm.h
index 27fd1163..57ab3812 100644
--- a/lib/pbm.h
+++ b/lib/pbm.h
@@ -47,6 +47,19 @@ pbm_allocrow(unsigned int const cols);
   ((bit**) pm_allocarray(cols, rows, sizeof(bit)))
 #define pbm_freearray(bits, rows) pm_freearray((char**) bits, rows)
 #define pbm_freerow(bitrow) pm_freerow((char*) bitrow)
+
+/* Beware of arithmetic overflows when using pbm_packed_bytes(),
+   pbm_allocrow_packed() and pbm_allocarray_packed().
+
+   When cols is signed int, pbm_packed_bytes(cols + 8) overflows
+   with large values.   Same with pamP->width which is always signed int.
+
+   Function validateComputableSize() called by pbm_readpbminit()
+   provides a margin of 10, but the "+7" uses much of it.
+
+   To prevent overflows, cast cols or pamP->width to unsigned int
+   like this: pbm_packed_bytes((unsigned int) cols +8))
+*/
 #define pbm_packed_bytes(cols) (((cols)+7)/8)
 #define pbm_allocrow_packed(cols) \
     ((unsigned char *) pm_allocrow(pbm_packed_bytes(cols), \