[JPWL] fix CVE-2018-16375

Signed-off-by: Young_X <YangX92@hotmail.com>
2018-11-23 15:02:26 +08:00 · 2018-11-23 15:02:26 +08:00 · 619e1b086e
parent c5bd64ea14
commit 619e1b086e
1 changed files with 10 additions and 0 deletions
--- a/src/bin/jpwl/convert.c
+++ b/src/bin/jpwl/convert.c
@ -41,6 +41,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
+#include <limits.h>

 #ifdef OPJ_HAVE_LIBTIFF
 #include <tiffio.h>
@ -1862,6 +1863,15 @@ opj_image_t* pnmtoimage(const char *filename, opj_cparameters_t *parameters)
        return NULL;
    }

+    /* This limitation could be removed by making sure to use size_t below */
+    if (header_info.height != 0 &&
+            header_info.width > INT_MAX / header_info.height) {
+        fprintf(stderr, "pnmtoimage:Image %dx%d too big!\n",
+                header_info.width, header_info.height);
+        fclose(fp);
+        return NULL;
+    }
+
    format = header_info.format;

    switch (format) {