dany/libwebp
1
0
Fork 0
mirror of https://github.com/webmproject/libwebp.git synced 2024-11-19 20:08:28 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

pnmdec,PAM: validate depth before calculating bytes_per_px

Browse Source 
fixes potential integer overflow with corrupt files.

Change-Id: I03e27fb14ad559dcd47e2704afdb6be9a163e02e
This commit is contained in:
James Zern 2017-08-19 20:51:32 +00:00
parent 34130afe8b
commit 20a94186ce
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
imageio/pnmdec.c
View File

@ -117,8 +117,13 @@ static size_t ReadPAMFields(PNMInfo* const info, size_t off) {
}
}
if (!(info->seen_flags & TUPLE_FLAG)) {
info->seen_flags |= TUPLE_FLAG;
info->bytes_per_px = info->depth * (info->max_value > 255 ? 2 : 1);
if (info->depth > 0 && info->depth <= 4) {
info->seen_flags |= TUPLE_FLAG;
info->bytes_per_px = info->depth * (info->max_value > 255 ? 2 : 1);
} else {
fprintf(stderr, "PAM: invalid bitdepth (%d).\n", info->depth);
return 0;
}
}
if (info->seen_flags != ALL_NEEDED_FLAGS) {
fprintf(stderr, "PAM: incomplete header.\n");