about summary refs log tree commit diff
path: root/converter
diff options
context:
space:
mode:
authorgiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2023-09-03 18:50:42 +0000
committergiraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>2023-09-03 18:50:42 +0000
commit4e19c64196774e78ba5300631ec5782a8d336ff7 (patch)
tree69db30098926423fca803dbdae259fc0ba5c4720 /converter
parentf758e790a390fdd42821b4214db155db0e163b15 (diff)
downloadnetpbm-mirror-4e19c64196774e78ba5300631ec5782a8d336ff7.tar.gz
netpbm-mirror-4e19c64196774e78ba5300631ec5782a8d336ff7.tar.xz
netpbm-mirror-4e19c64196774e78ba5300631ec5782a8d336ff7.zip
Fix arithmetic overflow
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@4632 9d0c8265-081b-0410-96cb-a4ca84ce46f8
Diffstat (limited to 'converter')
-rw-r--r--converter/other/xwdtopnm.c29
1 files changed, 27 insertions, 2 deletions
diff --git a/converter/other/xwdtopnm.c b/converter/other/xwdtopnm.c
index eee694ea..5523acab 100644
--- a/converter/other/xwdtopnm.c
+++ b/converter/other/xwdtopnm.c
@@ -209,6 +209,14 @@ processX10Header(X10WDFileHeader *  const h10P,
         }
     }
 
+    if (h10P->pixmap_width < 0)
+        pm_error("XWD header says pixmap_width is negative: %d",
+                 h10P->pixmap_width);
+    if (h10P->pixmap_width > UINT_MAX/8 - 15)
+        pm_error("XWD header says pixmap_width is %d, "
+                 "which is too large for this program to compute",
+                 h10P->pixmap_width);
+
     if (h10P->display_planes == 1) {
         *formatP = PBM_TYPE;
         *visualclassP = StaticGray;
@@ -609,7 +617,7 @@ processX11Header(const X11WDFileHeader *  const h11P,
     } else if (*visualclassP == StaticGray && h11FixedP->bits_per_pixel == 1) {
         *formatP = PBM_TYPE;
         *maxvalP = 1;
-        *colorsP = pnm_allocrow( 2 );
+        *colorsP = pnm_allocrow(2);
         PNM_ASSIGN1((*colorsP)[0], *maxvalP);
         PNM_ASSIGN1((*colorsP)[1], 0);
     } else if (*visualclassP == StaticGray) {
@@ -645,8 +653,25 @@ processX11Header(const X11WDFileHeader *  const h11P,
         *maxvalP = 65535;
     }
 
+    if (h11FixedP->pixmap_width < 1)
+        pm_error("XWD header states zero width");
+
     *colsP = h11FixedP->pixmap_width;
+
+    if (h11FixedP->pixmap_height < 1)
+        pm_error("XWD header states zero height");
+
     *rowsP = h11FixedP->pixmap_height;
+
+    if (h11FixedP->bytes_per_line > UINT_MAX/8)
+        pm_error("XWD header says bytes per line is %u, "
+                 "which is too large for this program to compute",
+                 h11FixedP->bytes_per_line);
+    if (h11FixedP->pixmap_width > UINT_MAX/h11FixedP->bits_per_pixel)
+        pm_error("XWD header says there are %u pixels per row and "
+                 "%u bits per pixel, which is too many for this program "
+                 "to compute",
+                 h11FixedP->pixmap_width, h11FixedP->bits_per_pixel);
     *padrightP =
         h11FixedP->bytes_per_line * 8 -
         h11FixedP->pixmap_width * h11FixedP->bits_per_pixel;
@@ -691,7 +716,7 @@ processX11Header(const X11WDFileHeader *  const h11P,
            says LSBFirst and it's a lie.  And Xwud renders it correctly.
         */
         *byteOrderP = MSBFirst;
-        *bitOrderP = MSBFirst;
+        *bitOrderP  = MSBFirst;
     } else {
         *byteOrderP = (enum byteorder) h11FixedP->byte_order;
         *bitOrderP  = (enum byteorder) h11FixedP->bitmap_bit_order;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-26 05:11:09 +0000