diff options
author | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2021-11-06 00:56:52 +0000 |
---|---|---|
committer | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2021-11-06 00:56:52 +0000 |
commit | 1521736d42c031d6e2f48a1ba0f22d694400118d (patch) | |
tree | 43dd90e85949b0191184397b8e1d073fdbd448eb | |
parent | 38243fe783f754d9723f23b797f1b9eda2ba429f (diff) | |
download | netpbm-mirror-1521736d42c031d6e2f48a1ba0f22d694400118d.tar.gz netpbm-mirror-1521736d42c031d6e2f48a1ba0f22d694400118d.tar.xz netpbm-mirror-1521736d42c031d6e2f48a1ba0f22d694400118d.zip |
Add comment
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@4169 9d0c8265-081b-0410-96cb-a4ca84ce46f8
-rw-r--r-- | lib/pbm.h | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/lib/pbm.h b/lib/pbm.h index 27fd1163..57ab3812 100644 --- a/lib/pbm.h +++ b/lib/pbm.h @@ -47,6 +47,19 @@ pbm_allocrow(unsigned int const cols); ((bit**) pm_allocarray(cols, rows, sizeof(bit))) #define pbm_freearray(bits, rows) pm_freearray((char**) bits, rows) #define pbm_freerow(bitrow) pm_freerow((char*) bitrow) + +/* Beware of arithmetic overflows when using pbm_packed_bytes(), + pbm_allocrow_packed() and pbm_allocarray_packed(). + + When cols is signed int, pbm_packed_bytes(cols + 8) overflows + with large values. Same with pamP->width which is always signed int. + + Function validateComputableSize() called by pbm_readpbminit() + provides a margin of 10, but the "+7" uses much of it. + + To prevent overflows, cast cols or pamP->width to unsigned int + like this: pbm_packed_bytes((unsigned int) cols +8)) +*/ #define pbm_packed_bytes(cols) (((cols)+7)/8) #define pbm_allocrow_packed(cols) \ ((unsigned char *) pm_allocrow(pbm_packed_bytes(cols), \ |