diff options
| author | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2010-03-02 21:55:18 +0000 |
|---|---|---|
| committer | giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8> | 2010-03-02 21:55:18 +0000 |
| commit | bf76a94423bbb9f4fb66ffea261f677702e0d4f4 (patch) | |
| tree | 4e958d9c00851af13a0beabd03d3b3ad09639ef2 /converter/ppm/ppmtoilbm.c | |
| parent | e509cd6d53d19162754cc73485e3435051557952 (diff) | |
| download | netpbm-mirror-bf76a94423bbb9f4fb66ffea261f677702e0d4f4.tar.gz netpbm-mirror-bf76a94423bbb9f4fb66ffea261f677702e0d4f4.tar.xz netpbm-mirror-bf76a94423bbb9f4fb66ffea261f677702e0d4f4.zip | |
Fix arithmetic overflow with image dimensions represented by 16 bit integers
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@1136 9d0c8265-081b-0410-96cb-a4ca84ce46f8
Diffstat (limited to 'converter/ppm/ppmtoilbm.c')
| -rw-r--r-- | converter/ppm/ppmtoilbm.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/converter/ppm/ppmtoilbm.c b/converter/ppm/ppmtoilbm.c index 4a1b5cb7..5de167dc 100644 --- a/converter/ppm/ppmtoilbm.c +++ b/converter/ppm/ppmtoilbm.c @@ -37,6 +37,10 @@ ** - added HAM colormap "rgb4" and "rgb5" (compute with 4/5-bit table) ** - added IFF text chunks ** +** Feb 2010: afu +** Added dimension check to prevent short int from overflowing. +** +** ** TODO: ** - multipalette capability (PCHG chunk) for std and HAM ** @@ -100,6 +104,8 @@ #define DEF_DCOLPLANES 5 #define DEF_IFMODE MODE_DEEP +#define INT16MAX 32767 + static void put_big_short ARGS((short s)); static void put_big_long ARGS((long l)); #define put_byte(b) (void)(putc((unsigned char)(b), stdout)) @@ -1801,6 +1807,10 @@ init_read(fp, colsP, rowsP, maxvalP, formatP, readall) int readall; { ppm_readppminit(fp, colsP, rowsP, maxvalP, formatP); + + if( *rowsP >INT16MAX || *colsP >INT16MAX ) + pm_error ("Input image is too large."); + if( readall ) { int row; |