Avoid heap buffer overflow in function pnmtoimage of convert.c, and unsigned integer...
authorEven Rouault <even.rouault@spatialys.com>
Sun, 30 Jul 2017 16:43:25 +0000 (18:43 +0200)
committerEven Rouault <even.rouault@spatialys.com>
Sun, 30 Jul 2017 16:43:25 +0000 (18:43 +0200)
src/bin/jp2/convert.c
src/lib/openjp2/image.c

index b3eb85816a229dedca9f56c5e8017de101163ca3..492911c90f672a3e7a31ecb7128675719324c813 100644 (file)
@@ -41,6 +41,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
+#include <limits.h>
 
 #include "openjpeg.h"
 #include "convert.h"
@@ -1731,6 +1732,15 @@ opj_image_t* pnmtoimage(const char *filename, opj_cparameters_t *parameters)
         return NULL;
     }
 
+    /* This limitation could be removed by making sure to use size_t below */
+    if (header_info.height != 0 &&
+            header_info.width > INT_MAX / header_info.height) {
+        fprintf(stderr, "pnmtoimage:Image %dx%d too big!\n",
+                header_info.width, header_info.height);
+        fclose(fp);
+        return NULL;
+    }
+
     format = header_info.format;
 
     switch (format) {
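Review bot: The new guard `header_info.width > INT_MAX / header_info.height` is only sound when both dimensions are positive. If both were negative (the `%d` in the message suggests they are plain `int`), the comparison is false and the product can still overflow. Whether the header parser can ever return a negative value is not visible in this hunk, so I would make the precondition explicit: `if (header_info.width <= 0 || header_info.height <= 0 || header_info.width > INT_MAX / header_info.height) {`. The bound also covers only width*height, so any later multiplication by the component count would need its own check or the size_t conversion the comment mentions. pnmtoimage's body starts and continues outside the hunk.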
index e62b416ca6299116c1b7978dbf42bc419a84f808..d00a23701b1545be80a673f1929794bfee062857 100644 (file)
@@ -68,7 +68,13 @@ opj_image_t* OPJ_CALLCONV opj_image_create(OPJ_UINT32 numcmpts,
             comp->prec = cmptparms[compno].prec;
             comp->bpp = cmptparms[compno].bpp;
             comp->sgnd = cmptparms[compno].sgnd;
-            comp->data = (OPJ_INT32*) opj_calloc(comp->w * comp->h, sizeof(OPJ_INT32));
+            if (comp->h != 0 && (OPJ_SIZE_T)comp->w > SIZE_MAX / comp->h) {
+                // TODO event manager
+                opj_image_destroy(image);
+                return NULL;
+            }
+            comp->data = (OPJ_INT32*) opj_calloc((OPJ_SIZE_T)comp->w * comp->h,
+                                                 sizeof(OPJ_INT32));
             if (!comp->data) {
                 /* TODO replace with event manager, breaks API */
                 /* fprintf(stderr,"Unable to allocate memory for image.\n"); */
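Review bot: The overflow test before `opj_calloc` bounds `comp->w * comp->h` against `SIZE_MAX` but leaves the further multiplication by `sizeof(OPJ_INT32)` to the allocator. It is therefore safe only while `opj_calloc` itself rejects an overflowing count*size, and its definition is not visible here. Folding the element size into the guard removes that dependency: `if (comp->h != 0 && (OPJ_SIZE_T)comp->w > SIZE_MAX / comp->h / sizeof(OPJ_INT32)) {`. The failure path is also silent, and the new `// TODO event manager` could match the neighbouring `/* ... */` comment style and say what should be reported. opj_image_create starts and continues outside the hunk.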