From 619e1b086eaa21ebd9b23eb67deee543b07bf06f Mon Sep 17 00:00:00 2001
From: Young_X <YangX92@hotmail.com>
Date: Fri, 23 Nov 2018 15:02:26 +0800
Subject: [PATCH] [JPWL] fix CVE-2018-16375

Signed-off-by: Young_X <YangX92@hotmail.com>
---
 src/bin/jpwl/convert.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/bin/jpwl/convert.c b/src/bin/jpwl/convert.c
index 73c1be72..04ca64ca 100644
--- a/src/bin/jpwl/convert.c
+++ b/src/bin/jpwl/convert.c
@@ -41,6 +41,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
+#include <limits.h>
 
 #ifdef OPJ_HAVE_LIBTIFF
 #include <tiffio.h>
@@ -1862,6 +1863,15 @@ opj_image_t* pnmtoimage(const char *filename, opj_cparameters_t *parameters)
         return NULL;
     }
 
+    /* This limitation could be removed by making sure to use size_t below */
+    if (header_info.height != 0 &&
+            header_info.width > INT_MAX / header_info.height) {
+        fprintf(stderr, "pnmtoimage:Image %dx%d too big!\n",
+                header_info.width, header_info.height);
+        fclose(fp);
+        return NULL;
+    }
+
     format = header_info.format;
 
     switch (format) {