From aefcdcb26e6f076ece01d3af35e4a004ab105bff Mon Sep 17 00:00:00 2001
From: giraffedata <giraffedata@9d0c8265-081b-0410-96cb-a4ca84ce46f8>
Date: Sun, 9 Dec 2007 18:23:34 +0000
Subject: fix arithmetic overflow

git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@484 9d0c8265-081b-0410-96cb-a4ca84ce46f8
---
 editor/pnmcat.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'editor')

diff --git a/editor/pnmcat.c b/editor/pnmcat.c
index 20dbf34d..cc86520f 100644
--- a/editor/pnmcat.c
+++ b/editor/pnmcat.c
@@ -155,7 +155,7 @@ computeOutputParms(unsigned int     const nfiles,
                    xelval *         const newmaxvalP,
                    int *            const newformatP) {
 
-    int newcols, newrows;
+    double newcols, newrows;
     int newformat;
     xelval newmaxval;
 
@@ -187,8 +187,18 @@ computeOutputParms(unsigned int     const nfiles,
             break;
 	    }
 	}
-    *newrowsP   = newrows;
-    *newcolsP   = newcols;
+
+    /* Note that while 'double' is not in general a precise numerical type,
+       in the case of a sum of integers which is less than INT_MAX, it
+       is exact, because double's precision is greater than int's.
+    */
+    if (newcols > INT_MAX)
+       pm_error("Output width too large: %.0f.", newcols);
+    if (newrows > INT_MAX)
+       pm_error("Output height too large: %.0f.", newrows);
+	
+    *newrowsP   = (int) newrows;
+    *newcolsP   = (int) newcols;
     *newmaxvalP = newmaxval;
     *newformatP = newformat;
 }
-- 
cgit 1.4.1