about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--converter/ppm/ppmtopict.c7
-rw-r--r--doc/HISTORY2
2 files changed, 9 insertions, 0 deletions
diff --git a/converter/ppm/ppmtopict.c b/converter/ppm/ppmtopict.c
index 749ef305..c7f1d61d 100644
--- a/converter/ppm/ppmtopict.c
+++ b/converter/ppm/ppmtopict.c
@@ -387,6 +387,13 @@ writeRaster(FILE *          const ofP,
     unsigned int oc;
     unsigned int row;
 
+    if (cols > UINT_MAX - cols/MAX_COUNT - 1) {
+        /* We can't compute the size of buffer 'putRow' needs for worst-case
+           compaction.
+        */
+        pm_error("Image is too wide (%u columns) for computation", cols);
+    }
+
     MALLOCARRAY(outBuf, cols + cols/MAX_COUNT + 1);
     if (!outBuf)
         pm_error("Unable to allocate %u-byte row buffer",
diff --git a/doc/HISTORY b/doc/HISTORY
index 4ccbdf80..52f519f3 100644
--- a/doc/HISTORY
+++ b/doc/HISTORY
@@ -9,6 +9,8 @@ not yet  BJH  Release 11.05.00
               pjtoppm: fix crash based on uninitialized variable.
               Introduced in Netpbm 11.04 (September 2023).
 
+              picttoppm: fix buffer overrun with insanely wide input.
+
               Build: Fix compile error on systems without 'asprintf'.
               Introduced in Netpbm 11.04 (September 2023).
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-24 23:44:30 +0000