From 63113e6b1222bc65e5eab2782cf8d4ccf4576efe Mon Sep 17 00:00:00 2001
From: giraffedata
Date: Sat, 1 Dec 2007 17:41:50 +0000
Subject: Validate computable size for PBM, as we do for everything else
git-svn-id: http://svn.code.sf.net/p/netpbm/code/trunk@475 9d0c8265-081b-0410-96cb-a4ca84ce46f8
---
lib/libpbm2.c | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
(limited to 'lib/libpbm2.c')
diff --git a/lib/libpbm2.c b/lib/libpbm2.c
index 19ca93b3..df1443a3 100644
--- a/lib/libpbm2.c
+++ b/lib/libpbm2.c
@@ -10,6 +10,8 @@
 ** implied warranty.
 */
+#include
+
 #include "pbm.h"
 #include "libpbm.h"
 #include "fileio.h"
@@ -57,6 +59,28 @@ pbm_readpbminitrest( file, colsP, rowsP )
+static void
+validateComputableSize(unsigned int const cols,
+ unsigned int const rows) {
+/*----------------------------------------------------------------------------
+ Validate that the dimensions of the image are such that it can be
+ processed in typical ways on this machine without worrying about
+ overflows. Note that in C, arithmetic is always modulus
+ arithmetic, so if your values are too big, the result is not what
+ you expect. That failed expectation can be disastrous if you use
+ it to allocate memory.
+
+ A common operation is adding 1 or 2 to the highest row or
+ column number in the image, so we make sure that's possible.
+-----------------------------------------------------------------------------*/
+ if (cols > INT_MAX - 2)
+ pm_error("image width (%u) too large to be processed", cols);
+ if (rows > INT_MAX - 2)
+ pm_error("image height (%u) too large to be processed", rows);
+}
+
+
+
 void
 pbm_readpbminit(FILE * const ifP,
 int * const colsP,
@@ -88,6 +112,7 @@ pbm_readpbminit(FILE * const ifP,
 default:
 pm_error("bad magic number - not a Netpbm file");
 }
+ validateComputableSize(*colsP, *rowsP);
 }
--
cgit 1.4.1
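Review bot: The bound in `validateComputableSize` is applied to each dimension separately, so `cols` and `rows` can both pass `INT_MAX - 2` while a product such as `cols * rows`, or a byte count derived from `cols`, still wraps. The header comment names memory allocation as the risk, so it should state what is not covered, for example `Does not bound cols * rows; code that multiplies dimensions to size an allocation must check that product itself.` Zero dimensions are also accepted; whether that is intended cannot be told from this hunk. Both checks rely on `pm_error` not returning, which is presumably the case but is not shown here.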
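Review bot: The added call `validateComputableSize(*colsP, *rowsP)` passes values read through `int *` into `unsigned int` parameters (the previous hunk's context shows `int * const colsP`). A negative dimension is therefore rejected only because the implicit conversion wraps it above `INT_MAX - 2`, and the error message then prints the wrapped number rather than the value read. A comment at the call would make that reliance explicit, for example `/* a negative int converts to a large unsigned value and is rejected below */`. The check sits in `pbm_readpbminit` only, so any code that calls `pbm_readpbminitrest` directly would presumably need its own validation. The rest of `pbm_readpbminit` lies outside this hunk.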