authorgiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2017-01-07 18:04:08 +0000
committergiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2017-01-07 18:04:08 +0000
commit5d87a60989fd35a6fc303501b4a0268cb648bc6a (patch)
tree47e64d9a6485a3b0e75dba7bfd93da6084794198
parent76235206ec3bdaa50f32e8b758e77060bc9e998a (diff)
Add some assertions demonstrating why cols*rows does not overflow
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@2873 9d0c8265-081b-0410-96cb-a4ca84ce46f8
-rw-r--r--converter/other/bmptopnm.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/converter/other/bmptopnm.c b/converter/other/bmptopnm.c
index 13a5fb8d..54868364 100644
--- a/converter/other/bmptopnm.c
+++ b/converter/other/bmptopnm.c
@@ -695,6 +695,13 @@ bmpReadinfoheader(FILE *                 const ifP,
         *errorP = NULL;
         *bytesReadP = cInfoHeaderSize;
     }
+    /* Part of our anti-arithmetic overflow strategy is to make sure height
+       and width always fit in 16 bits, so they can be multiplied together.
+       This shouldn't be a problem, since they come from 16 bit fields in
+       the BMP info header.
+    */
+    assert(headerP->cols < (1<<16));
+    assert(headerP->rows < (1<<16));
 }
 
 
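Review bot: These two assert() calls are the only bound on headerP->cols and headerP->rows visible in this hunk, and assert() compiles to nothing when NDEBUG is defined, so a release build gets no protection from them; the same applies to the asserts added in the bmpReadraster hunk. The comment's premise also looks too narrow: only the OS/2-style BMP header stores width and height in 16-bit fields, while Windows-style info headers use 32-bit fields, so if this function serves both (its body starts outside the hunk) a file can legitimately or maliciously carry a dimension of 65536 or more. In a debug build that turns input data into an abort, and in a release build the value flows on unchecked. Consider a real runtime test that fails through the function's existing error path, e.g. `if (headerP->cols >= (1<<16) || headerP->rows >= (1<<16))` followed by setting `*errorP`, and keep the asserts only as a statement of the invariant after that check.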
@@ -1204,6 +1211,9 @@ bmpReadraster(FILE *            const ifP,
         */
     unsigned char ** bmpRaster;
 
+    assert(cols < (1<<16));
+    assert(bytesPerRow < (1<<16));
+
     bmpRaster = allocBmpRaster(rows, bytesPerRow);
 
     *bytesReadP = 0;
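Review bot: The allocation on the next line is presumably sized from rows and bytesPerRow, yet `rows` is not asserted here, while `cols`, which is asserted, is not passed to allocBmpRaster at all; adding `assert(rows < (1<<16));` would make the assertions cover both factors of the product. bytesPerRow is computed outside this hunk, and if it scales with bits per pixel, a wide 24- or 32-bit image with cols under 65536 could still exceed 65535 bytes per row and trip the second assert, so that bound should be checked against how bytesPerRow is derived. bmpReadraster's body starts and ends outside the hunk.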