diff options
| author | Young_X <YangX92@hotmail.com> | 2018-11-23 15:02:26 +0800 |
|---|---|---|
| committer | Young_X <YangX92@hotmail.com> | 2018-11-23 17:08:56 +0800 |
| commit | 619e1b086eaa21ebd9b23eb67deee543b07bf06f (patch) | |
| tree | 74e381171872dc6b99c85af9631c1465931b4d81 /src | |
| parent | c5bd64ea146162967c29bd2af0cbb845ba3eaaaf (diff) | |
[JPWL] fix CVE-2018-16375
Signed-off-by: Young_X <YangX92@hotmail.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/bin/jpwl/convert.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/bin/jpwl/convert.c b/src/bin/jpwl/convert.c index 73c1be72..04ca64ca 100644 --- a/src/bin/jpwl/convert.c +++ b/src/bin/jpwl/convert.c @@ -41,6 +41,7 @@ #include <stdlib.h> #include <string.h> #include <ctype.h> +#include <limits.h> #ifdef OPJ_HAVE_LIBTIFF #include <tiffio.h> @@ -1862,6 +1863,15 @@ opj_image_t* pnmtoimage(const char *filename, opj_cparameters_t *parameters) return NULL; } + /* This limitation could be removed by making sure to use size_t below */ + if (header_info.height != 0 && + header_info.width > INT_MAX / header_info.height) { + fprintf(stderr, "pnmtoimage:Image %dx%d too big!\n", + header_info.width, header_info.height); + fclose(fp); + return NULL; + } + format = header_info.format; switch (format) { |