Added checks for integer overflow.

author dirk <dirk@git.imagemagick.org>

Sun, 29 May 2016 19:59:45 +0000 (21:59 +0200)

committer dirk <dirk@git.imagemagick.org>

Sun, 29 May 2016 20:01:03 +0000 (22:01 +0200)
author dirk <dirk@git.imagemagick.org>
Sun, 29 May 2016 19:59:45 +0000 (21:59 +0200)
committer dirk <dirk@git.imagemagick.org>
Sun, 29 May 2016 20:01:03 +0000 (22:01 +0200)
diff --git a/coders/pcx.c b/coders/pcx.c

index 444e090ef10bbc36f3eef4e4133032b165dca0d6..65f2328e0d99947e2aa86e3384f104d0e910b52b 100644 (file)
--- a/coders/pcx.c
+++ b/coders/pcx.c
@@ -385,7 +385,12 @@ static Image *ReadPCXImage(const ImageInfo *image_info,ExceptionInfo *exception)
      /*
        Read image data.
      */
-    pcx_packets=(size_t) image->rows*pcx_info.bytes_per_line*pcx_info.planes;
+    if (HeapOverflowSanityCheck(image->rows, (size_t) pcx_info.bytes_per_line) != MagickFalse)
+      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+    pcx_packets=(size_t) image->rows*pcx_info.bytes_per_line;
+    if (HeapOverflowSanityCheck(pcx_packets, (size_t)pcx_info.planes) != MagickFalse)
+      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+    pcx_packets=(size_t) pcx_packets*pcx_info.planes;
      if ((size_t) (pcx_info.bits_per_pixel*pcx_info.planes*image->columns) >
          (pcx_packets*8U))
        ThrowReaderException(CorruptImageError,"ImproperImageHeader");
author	dirk <dirk@git.imagemagick.org>
	Sun, 29 May 2016 19:59:45 +0000 (21:59 +0200)
committer	dirk <dirk@git.imagemagick.org>
	Sun, 29 May 2016 20:01:03 +0000 (22:01 +0200)