From bf85274a5c089c1c6295f0caf54ecf0c1c42e887 Mon Sep 17 00:00:00 2001
From: giraffedata
Date: Fri, 29 Sep 2023 17:52:10 +0000
Subject: Validate computable image size and maxval in libnetpbm write init functions
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@4706 9d0c8265-081b-0410-96cb-a4ca84ce46f8
---
 lib/libpbm1.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'lib/libpbm1.c')
diff --git a/lib/libpbm1.c b/lib/libpbm1.c
index d3403311..9e51970c 100644
--- a/lib/libpbm1.c
+++ b/lib/libpbm1.c
@@ -22,6 +22,7 @@
 #include "netpbm/mallocvar.h"
 #include "netpbm/shhopt.h"
+#include "libpbm.h"
 #include "pbm.h"
@@ -85,6 +86,28 @@ pbm_check(FILE * const fileP,
+void
+pbm_validateComputableSize(unsigned int const cols,
+ unsigned int const rows) {
+/*---------------------------------------------------------------------------- Validate that the dimensions of the image are such that it can be
+ processed in typical ways on this machine without worrying about
+ overflows. Note that in C, arithmetic is always modulus
+ arithmetic, so if your values are too big, the result is not what
+ you expect. That failed expectation can be disastrous if you use
+ it to allocate memory.
+
+ See comments at 'validateComputableSize' in libpam.c for details on
+ the purpose of these validations.
+-----------------------------------------------------------------------------*/
+ if (cols > INT_MAX - 10)
+ pm_error("image width (%u) too large to be processed", cols);
+ if (rows > INT_MAX - 10)
+ pm_error("image height (%u) too large to be processed", rows);
+}
+
+
+
 static unsigned int bitpop8(unsigned char const x) { /*----------------------------------------------------------------------------
-- cgit 1.4.1
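Review bot: The header comment of pbm_validateComputableSize promises more than its two checks deliver: `cols > INT_MAX - 10` and `rows > INT_MAX - 10` bound each dimension on its own, leaving headroom for adding a small constant in an int, but nothing bounds `cols * rows`, so a caller that multiplies the dimensions to size a buffer can still overflow after this function returns. I would state the guarantee exactly in the comment, e.g. `Guarantees only that cols and rows, each plus a small constant, fit in an int; it does not bound their product, so check that separately before allocating a whole raster.` The sentence "in C, arithmetic is always modulus arithmetic" is also true only for unsigned types; signed overflow is undefined behaviour, which is a stronger reason to validate before computing and is worth saying. The rationale in libpam.c that the comment points to, and the callers of this function, are outside this path-limited patch, so whether a product check exists elsewhere cannot be confirmed from here.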