about summary refs log tree commit diff
path: root/lib/libpbm1.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/libpbm1.c')
-rw-r--r--lib/libpbm1.c34
1 files changed, 30 insertions, 4 deletions
diff --git a/lib/libpbm1.c b/lib/libpbm1.c
index 49ab7fdf..9e51970c 100644
--- a/lib/libpbm1.c
+++ b/lib/libpbm1.c
@@ -14,7 +14,7 @@
    offset stuff.
 */
 #define _FILE_OFFSET_BITS 64
-#define _LARGE_FILES  
+#define _LARGE_FILES
 
 #include <stdio.h>
 
@@ -22,6 +22,7 @@
 #include "netpbm/mallocvar.h"
 #include "netpbm/shhopt.h"
 
+#include "libpbm.h"
 #include "pbm.h"
 
 
@@ -59,7 +60,7 @@ pbm_nextimage(FILE *file, int * const eofP) {
 
 void
 pbm_check(FILE *               const fileP,
-          enum pm_check_type   const checkType, 
+          enum pm_check_type   const checkType,
           int                  const format,
           int                  const cols,
           int                  const rows,
@@ -69,14 +70,14 @@ pbm_check(FILE *               const fileP,
         pm_error("Invalid number of rows passed to pbm_check(): %d", rows);
     if (cols < 0)
         pm_error("Invalid number of columns passed to pbm_check(): %d", cols);
-    
+
     if (checkType != PM_CHECK_BASIC) {
         if (retvalP)
             *retvalP = PM_CHECK_UNKNOWN_TYPE;
     } else if (format != RPBM_FORMAT) {
         if (retvalP)
             *retvalP = PM_CHECK_UNCHECKABLE;
-    } else {        
+    } else {
         pm_filepos const bytesPerRow    = (cols+7)/8;
         pm_filepos const needRasterSize = rows * bytesPerRow;
         pm_check(fileP, checkType, needRasterSize, retvalP);
@@ -85,6 +86,28 @@ pbm_check(FILE *               const fileP,
 
 
 
+void
+pbm_validateComputableSize(unsigned int const cols,
+                           unsigned int const rows) {
+/*----------------------------------------------------------------------------
+   Validate that the dimensions of the image are such that it can be
+   processed in typical ways on this machine without worrying about
+   overflows.  Note that in C, arithmetic is always modulus
+   arithmetic, so if your values are too big, the result is not what
+   you expect.  That failed expectation can be disastrous if you use
+   it to allocate memory.
+
+   See comments at 'validateComputableSize' in libpam.c for details on
+   the purpose of these validations.
+-----------------------------------------------------------------------------*/
+    if (cols > INT_MAX - 10)
+        pm_error("image width (%u) too large to be processed", cols);
+    if (rows > INT_MAX - 10)
+        pm_error("image height (%u) too large to be processed", rows);
+}
+
+
+
 static unsigned int
 bitpop8(unsigned char const x) {
 /*----------------------------------------------------------------------------
@@ -179,3 +202,6 @@ pbm_backgroundbitrow(unsigned const char * const packedBits,
     }
     return retval;
 }
+
+
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-04 18:42:51 +0000