author | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2021-10-16 20:39:42 +0000 |
---|---|---|
committer | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2021-10-16 20:39:42 +0000 |
commit | 97e0fd8ab1be6759068456a1f518458acab5a6f5 (patch) | |
tree | 59b0b260c4cfcce3c7c07f45bb5b52791bc8bb09 | |
parent | 00c38a4486bd4ec06df964d51e8b6e10fa0a0227 (diff) | |
Expand headroom for preventing arithmetic overflow from 2 to 10, to allow for rounding up to a multiple of 8 in bitmap computations
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@4155 9d0c8265-081b-0410-96cb-a4ca84ce46f8
-rw-r--r-- | lib/libpam.c | 11 | ||||
-rw-r--r-- | lib/libpbm2.c | 8 | ||||
-rw-r--r-- | lib/libpm.c | 3 |
3 files changed, 15 insertions, 7 deletions
diff --git a/lib/libpam.c b/lib/libpam.c index 72502749..5bc9e007 100644 --- a/lib/libpam.c +++ b/lib/libpam.c @@ -90,7 +90,12 @@ validateComputableSize(struct pam * const pamP) { the size of a tuple row, in bytes, can be represented by an 'int'. Another common operation is adding 1 or 2 to the highest row, column, - or plane number in the image, so we make sure that's possible. + or plane number in the image, so we make sure that's possible. And in + bitmap images, rounding up to multiple of 8 is common, so we provide for + that too. + + Note that it's still the programmer's responsibility to ensure that his + code, using values known to have been validated here, cannot overflow. -----------------------------------------------------------------------------*/ if (pamP->width == 0) pm_error("Width is zero. Image must be at least one pixel wide"); @@ -111,10 +116,10 @@ validateComputableSize(struct pam * const pamP) { if (depth > INT_MAX - 2) pm_error("image depth (%u) too large to be processed", depth); - if (pamP->width > INT_MAX - 2) + if (pamP->width > INT_MAX - 10) pm_error("image width (%u) too large to be processed", pamP->width); - if (pamP->height > INT_MAX - 2) + if (pamP->height > INT_MAX - 10) pm_error("image height (%u) too large to be processed", pamP->height); } diff --git a/lib/libpbm2.c b/lib/libpbm2.c index a35004f9..1ad93534 100644 --- a/lib/libpbm2.c +++ b/lib/libpbm2.c 
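Review bot: The revised header comment in validateComputableSize (first lib/libpam.c hunk) explains why headroom exists but never states how much is guaranteed, and the checks below it now differ by dimension: 10 for width and height, 2 for depth. Code that relies on this validation needs the actual margin, so I would add a sentence such as `Width and height are guaranteed not to exceed INT_MAX - 10; depth, INT_MAX - 2.` The function starts before this hunk and continues past it.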
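Review bot: The literal `10` in the width and height checks (second lib/libpam.c hunk) is a bare magic number that must now stay in step with the two identical checks in the lib/libpbm2.c hunk, while its rationale lives only in a comment in this file. A single shared constant would stop the limits drifting apart the next time the headroom changes, for example `if (pamP->width > INT_MAX - PM_SIZE_HEADROOM)`, where `PM_SIZE_HEADROOM` is a proposed name rather than an existing one, defined once in a common header. The margin also covers only small additive adjustments. Code that rounds a width up and then multiplies by height or depth still needs its own overflow check, which matters because these dimensions presumably come from image file headers.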
@@ -69,12 +69,12 @@ validateComputableSize(unsigned int const cols, you expect. That failed expectation can be disastrous if you use it to allocate memory. - A common operation is adding 1 or 2 to the highest row or - column number in the image, so we make sure that's possible. + See comments at 'validateComputableSize' in libpam.c for details on + the purpose of these validations. -----------------------------------------------------------------------------*/ - if (cols > INT_MAX - 2) + if (cols > INT_MAX - 10) pm_error("image width (%u) too large to be processed", cols); - if (rows > INT_MAX - 2) + if (rows > INT_MAX - 10) pm_error("image height (%u) too large to be processed", rows); } diff --git a/lib/libpm.c b/lib/libpm.c index 6f9dea3d..78d941fa 100644 --- a/lib/libpm.c +++ b/lib/libpm.c @@ -844,6 +844,9 @@ pm_parse_width(const char * const arg) { Return the image width represented by the decimal ASCIIZ string 'arg'. Fail if it doesn't validly represent a width or represents a width that can't be conveniently used in computation. + + See comments at 'validateComputableSize' in libpam.c for details on + the purpose of these validations. -----------------------------------------------------------------------------*/ unsigned int width; const char * error; |
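Review bot: The comment added to pm_parse_width (lib/libpm.c hunk) refers readers to validateComputableSize for "these validations", but the hunk changes no code and the diffstat shows only insertions for lib/libpm.c. The comparison itself is outside the hunk, so it cannot be confirmed from here that its bound matches the new headroom of 10. If it is looser, a width accepted from a command-line argument would pass this parser yet exceed what the library validators now promise. It is worth confirming the check reads `if (width > INT_MAX - 10)`, or uses whatever shared limit the other two files use.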