From f9991b5fefb8cd05bafb25aaf88962b724fc78b6 Mon Sep 17 00:00:00 2001
From: giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>
Date: Wed, 13 May 2015 01:44:59 +0000
Subject: Fix incorrect output with oversize input image

git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@2484 9d0c8265-081b-0410-96cb-a4ca84ce46f8
---
 converter/pbm/pbmtomgr.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/converter/pbm/pbmtomgr.c b/converter/pbm/pbmtomgr.c
index 2ca7c7d0..4bc6efdc 100644
--- a/converter/pbm/pbmtomgr.c
+++ b/converter/pbm/pbmtomgr.c
@@ -6,9 +6,12 @@
    ftp://sunsite.unc.edu/pub/Linux/apps/MGR/!INDEX.html
 */
 
+#include <assert.h>
 #include "pbm.h"
 #include "mgr.h"
 
+
+
 static void
 putinit(unsigned int const rows,
         unsigned int const cols) {
@@ -16,6 +19,10 @@ putinit(unsigned int const rows,
     struct b_header head;
     size_t writtenCount;
 
+    /* Because of argument restrictions: maximum dimensions: */
+    assert((rows & 0x3f) == rows);
+    assert((cols & 0x3f) == cols);
+
     head.magic[0] = 'y';
     head.magic[1] = 'z';
     head.h_wide = ((cols >> 6) & 0x3f) + ' ';
@@ -48,6 +55,7 @@ main(int argc,
            a multiple of 8, i.e. an integral number of packed bytes.
         */
     const char * inputFileName;
+    unsigned int const maxDimension = 4095; /* Dimensions: 6 bits */
 
     pbm_init(&argc, argv);
 
@@ -62,6 +70,10 @@ main(int argc,
     ifP = pm_openr(inputFileName);
 
     pbm_readpbminit(ifP, &cols, &rows, &format);
+    if (cols > maxDimension)
+        pm_error("Image width too large: %u (max: %u)", cols, maxDimension);
+    if (rows > maxDimension)
+        pm_error("Image height too large: %u (max: %u)", rows, maxDimension);
     
     bitrow = pbm_allocrow_packed(cols);
     bytesPerRow = pbm_packed_bytes(cols);
-- 
cgit 1.4.1