about summary refs log tree commit diff
diff options
context:
space:
mode:
authorgiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2023-10-04 23:40:50 +0000
committergiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2023-10-04 23:40:50 +0000
commit7dd51f3750fa58eecd91803a7910c140147fd9e2 (patch)
tree10be2ce634201715e6621b01447be0ed6c9a5e95
parent74201723a44e9403ab0c5ce698112290a329460b (diff)
downloadnetpbm-mirror-7dd51f3750fa58eecd91803a7910c140147fd9e2.tar.gz
netpbm-mirror-7dd51f3750fa58eecd91803a7910c140147fd9e2.tar.xz
netpbm-mirror-7dd51f3750fa58eecd91803a7910c140147fd9e2.zip
Fix arithmetic overflow on insanely large number of colors
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@4724 9d0c8265-081b-0410-96cb-a4ca84ce46f8
Diffstat
-rw-r--r--converter/ppm/ppmtoxpm.c21
-rw-r--r--doc/HISTORY3
2 files changed, 16 insertions, 8 deletions
diff --git a/converter/ppm/ppmtoxpm.c b/converter/ppm/ppmtoxpm.c
index f4db8556..4ef0ee8b 100644
--- a/converter/ppm/ppmtoxpm.c
+++ b/converter/ppm/ppmtoxpm.c
@@ -268,7 +268,7 @@ charsPerPixelForSize(unsigned int const cmapSize) {
 
 static void
 genCmap(colorhist_vector const chv,
-        int              const ncolors,
+        unsigned int     const ncolors,
         pixval           const maxval,
         colorhash_table  const colornameHash,
         const char **    const colornames,
@@ -311,8 +311,7 @@ genCmap(colorhist_vector const chv,
 
     MALLOCARRAY(cmap, cmapSize);
     if (cmapP == NULL)
-        pm_error("Out of memory allocating %u bytes for a color map.",
-                 (unsigned)sizeof(CixelMap) * (ncolors+1));
+        pm_error("Can't get memory for a %u-entry color map", cmapSize);
 
     xpmMaxval = xpmMaxvalFromMaxval(maxval);
 
@@ -510,13 +509,13 @@ computecolorhash(pixel **          const pixels,
 -----------------------------------------------------------------------------*/
     colorhash_table cht;
     unsigned int row;
+    bool foundTransparent;
+    unsigned int ncolors;
 
     cht = ppm_alloccolorhash();
-    *ncolorsP = 0;   /* initial value */
-    *transparentSomewhereP = false;  /* initial assumption */
 
     /* Go through the entire image, building a hash table of colors. */
-    for (row = 0; row < rows; ++row) {
+    for (row = 0, ncolors = 0, foundTransparent = false; row < rows; ++row) {
         unsigned int col;
 
         for (col = 0; col < cols; ++col) {
@@ -529,14 +528,20 @@ computecolorhash(pixel **          const pixels,
 
                 if (lookupRc < 0) {
                     /* It's not in the hash yet, so add it */
+                    if (ncolors > UINT_MAX - 10)
+                        pm_error("Number of colors (> %u) "
+                                 "is uncomputably large",
+                                 ncolors);
                     ppm_addtocolorhash(cht, &color, 0);
-                    ++(*ncolorsP);
+                    ++ncolors;
                 }
             } else
                 *transparentSomewhereP = TRUE;
         }
     }
-    *chtP = cht;
+    *chtP                  = cht;
+    *ncolorsP              = ncolors;
+    *transparentSomewhereP = foundTransparent;
 }
 
 
diff --git a/doc/HISTORY b/doc/HISTORY
index c4f820f2..4b9ce1a3 100644
--- a/doc/HISTORY
+++ b/doc/HISTORY
@@ -14,6 +14,9 @@ not yet  BJH  Release 11.05.00
 
               picttoppm: fix buffer overrun with insanely wide input.
 
+              ppmtoxpm: fix incorrect output with insanely large number of
+              colors.
+
               Build: Fix compile error on systems without 'asprintf'.
               Introduced in Netpbm 11.04 (September 2023).
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-09 19:29:34 +0000