Release 10.77.02

git-svn-id: http://svn.code.sf.net/p/netpbm/code/advanced@2883 9d0c8265-081b-0410-96cb-a4ca84ce46f8

3 files changed, 14 insertions, 1 deletions

diff --git a/converter/other/tifftopnm.c b/converter/other/tifftopnm.c
index fb0a7739..5c0797fc 100644
--- a/converter/other/tifftopnm.c
+++ b/converter/other/tifftopnm.c
@@ -1508,6 +1508,13 @@ convertRasterInMemory(pnmOut *           const pnmOutP,
             /* Note that TIFFRGBAImageGet() converts any bits per sample
                to 8.  Maxval of the raster it returns is always 255.
             */
+            if (cols > UINT_MAX/rows) {
+                pm_message("%u rows of %u columns is too large to compute",
+                           rows, cols);
+                *statusP = CONV_OOM;
+                return;
+            }
+
             MALLOCARRAY(raster, cols * rows);
             if (raster == NULL) {
                 pm_message("Unable to allocate space for a raster of %u "
diff --git a/doc/HISTORY b/doc/HISTORY
index b4379b3c..2c300b42 100644
--- a/doc/HISTORY
+++ b/doc/HISTORY
@@ -4,6 +4,12 @@ Netpbm.
 CHANGE HISTORY 
 --------------
 
+17.01.24      Release 10.77.02
+
+              tifftopnm: Fix memory corruption when image is more pixels
+              than can be represented as a C unsigned integer.  Broken in
+              Netpbm 10.11 (October 2002).
+
 17.01.11 BJH  Release 10.77.01
 
               svgtopam: Fix crash when out of memory.  Always broken
diff --git a/version.mk b/version.mk
index 214296c5..5bb55213 100644
--- a/version.mk
+++ b/version.mk
@@ -1,3 +1,3 @@
 NETPBM_MAJOR_RELEASE = 10
 NETPBM_MINOR_RELEASE = 77
-NETPBM_POINT_RELEASE = 1
+NETPBM_POINT_RELEASE = 2