Diffstat (limited to 'lib/libpbm2.c')
-rw-r--r-- | lib/libpbm2.c | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/lib/libpbm2.c b/lib/libpbm2.c
index c71193c9..8668356e 100644
--- a/lib/libpbm2.c
+++ b/lib/libpbm2.c
@@ -35,25 +35,36 @@ getbit (FILE * const file) {
 void
-pbm_readpbminitrest( FILE * const file,
- int * const colsP,
- int * const rowsP ) {
+pbm_readpbminitrest(FILE * const ifP,
+ int * const colsP,
+ int * const rowsP ) {
+
+ unsigned int cols;
+ unsigned int rows;
+
 /* Read size. */
- *colsP = (int)pm_getuint( file );
- *rowsP = (int)pm_getuint( file );
+ cols = pm_getuint(ifP);
+ rows = pm_getuint(ifP);
 /* *colsP and *rowsP really should be unsigned int, but they come from the time before unsigned ints (or at least from a person
- trained in that tradition), so they are int. We could simply
- consider negative numbers to mean values > INT_MAX/2 and much
+ trained in that tradition), so they are int. Caller could simply
+ consider negative numbers to mean values > INT_MAX and much
 code would just automatically work. But some code would fail miserably. So we consider values that won't fit in an int to be unprocessable. */
- if (*colsP < 0)
- pm_error("Number of columns in header is too large.");
- if (*rowsP < 0)
- pm_error("Number of rows in header is too large.");
+ if (cols > INT_MAX)
+ pm_error("Number of columns in header is too large (%u). "
+ "The maximum allowed by the format is %u",
+ cols, INT_MAX);
+ if (rows > INT_MAX)
+ pm_error("Number of rows in header is too large (%u). "
+ "The maximum allowed by the format is %u",
+ rows, INT_MAX);
+
+ *colsP = (int)cols;
+ *rowsP = (int)rows;
 } |
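Review bot: In both new `pm_error` calls `INT_MAX` is passed for a `%u` conversion although its type is `int`; the value prints correctly in practice, but `-Wformat` flags the mismatch, and `cols, (unsigned int)INT_MAX);` (likewise for `rows`) makes the argument match the specifier. The new check only guarantees that each header value fits in an `int`, so a file declaring dimensions at or near `INT_MAX` is still accepted; callers that round up or multiply these values, for example to size a row buffer, can presumably still overflow, and a comment stating that this function does not validate computable sizes would help. The message also calls the limit "allowed by the format", while the comment above it attributes the limit to the `int` interface, so "allowed by this library" may be more accurate. `INT_MAX` needs `<limits.h>`, whose include is not visible in this hunk.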