diff options
-rw-r--r-- | doc/HISTORY | 5 | ||||
-rw-r--r-- | lib/libpam.c | 44 |
2 files changed, 29 insertions, 20 deletions
diff --git a/doc/HISTORY b/doc/HISTORY index d1422b87..dc935385 100644 --- a/doc/HISTORY +++ b/doc/HISTORY @@ -6,8 +6,9 @@ CHANGE HISTORY not yet BJH Release 10.37.0 - ppmtompeg: fix reading of GOPs, combine server. Thanks - Alun Jones. + pnm_readpaminit(): abort instead of crash if width == 0. + + ppmtompeg: fix reading of GOPs. Thanks Alun Jones. cmuwmtopbm, mgrtopbm, pbmtocmuwm, pbmtoicon, pbmtomgr: Rewrite to use packed PBM functions for efficiency. diff --git a/lib/libpam.c b/lib/libpam.c index 6d2acba7..8ab8f4ef 100644 --- a/lib/libpam.c +++ b/lib/libpam.c @@ -86,24 +86,32 @@ validateComputableSize(struct pam * const pamP) { Another common operation is adding 1 or 2 to the highest row, column, or plane number in the image, so we make sure that's possible. -----------------------------------------------------------------------------*/ - unsigned int const depth = allocationDepth(pamP); - - if (depth > INT_MAX/sizeof(sample)) - pm_error("image depth (%u) too large to be processed", depth); - else if (depth * sizeof(sample) > INT_MAX/pamP->width) - pm_error("image width and depth (%u, %u) too large " - "to be processed.", pamP->width, depth); - else if (pamP->width * (depth * sizeof(sample)) > - INT_MAX - depth * sizeof(tuple *)) - pm_error("image width and depth (%u, %u) too large " - "to be processed.", pamP->width, depth); - - if (depth > INT_MAX - 2) - pm_error("image depth (%u) too large to be processed", depth); - if (pamP->width > INT_MAX - 2) - pm_error("image width (%u) too large to be processed", pamP->width); - if (pamP->height > INT_MAX - 2) - pm_error("image height (%u) too large to be processed", pamP->height); + if (pamP->width == 0) + pm_error("Width is zero. Image must be at least one pixel wide"); + else if (pamP->height == 0) + pm_error("Height is zero. Image must be at least one pixel high"); + else { + unsigned int const depth = allocationDepth(pamP); + + if (depth > INT_MAX/sizeof(sample)) + pm_error("image depth (%u) too large to be processed", depth); + else if (depth * sizeof(sample) > INT_MAX/pamP->width) + pm_error("image width and depth (%u, %u) too large " + "to be processed.", pamP->width, depth); + else if (pamP->width * (depth * sizeof(sample)) > + INT_MAX - depth * sizeof(tuple *)) + pm_error("image width and depth (%u, %u) too large " + "to be processed.", pamP->width, depth); + + if (depth > INT_MAX - 2) + pm_error("image depth (%u) too large to be processed", depth); + if (pamP->width > INT_MAX - 2) + pm_error("image width (%u) too large to be processed", + pamP->width); + if (pamP->height > INT_MAX - 2) + pm_error("image height (%u) too large to be processed", + pamP->height); + } } |