mirror of
https://github.com/webmproject/libwebp.git
synced 2024-12-25 13:18:22 +01:00
pnmdec,PAM: validate depth before calculating bytes_per_px
fixes potential integer overflow with corrupt files. Change-Id: I03e27fb14ad559dcd47e2704afdb6be9a163e02e
This commit is contained in:
parent
34130afe8b
commit
20a94186ce
@ -117,8 +117,13 @@ static size_t ReadPAMFields(PNMInfo* const info, size_t off) {
|
||||
}
|
||||
}
|
||||
if (!(info->seen_flags & TUPLE_FLAG)) {
|
||||
info->seen_flags |= TUPLE_FLAG;
|
||||
info->bytes_per_px = info->depth * (info->max_value > 255 ? 2 : 1);
|
||||
if (info->depth > 0 && info->depth <= 4) {
|
||||
info->seen_flags |= TUPLE_FLAG;
|
||||
info->bytes_per_px = info->depth * (info->max_value > 255 ? 2 : 1);
|
||||
} else {
|
||||
fprintf(stderr, "PAM: invalid bitdepth (%d).\n", info->depth);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
if (info->seen_flags != ALL_NEEDED_FLAGS) {
|
||||
fprintf(stderr, "PAM: incomplete header.\n");
|
||||
|
Loading…
Reference in New Issue
Block a user