[JPWL] fix CVE-2018-16375

author Young_X <YangX92@hotmail.com>

Fri, 23 Nov 2018 07:02:26 +0000 (15:02 +0800)

committer Young_X <YangX92@hotmail.com>

Fri, 23 Nov 2018 09:08:56 +0000 (17:08 +0800)
author Young_X <YangX92@hotmail.com>
Fri, 23 Nov 2018 07:02:26 +0000 (15:02 +0800)
committer Young_X <YangX92@hotmail.com>
Fri, 23 Nov 2018 09:08:56 +0000 (17:08 +0800)
diff --git a/src/bin/jpwl/convert.c b/src/bin/jpwl/convert.c

index 73c1be72988d6a11e2825d8a45ad4186a1b859e4..04ca64ca33818ab5364086ff8a16319c3c5b6032 100644 (file)
--- a/src/bin/jpwl/convert.c
+++ b/src/bin/jpwl/convert.c
@@ -41,6 +41,7 @@
  #include <stdlib.h>
  #include <string.h>
  #include <ctype.h>
+#include <limits.h>
  
  #ifdef OPJ_HAVE_LIBTIFF
  #include <tiffio.h>
@@ -1862,6 +1863,15 @@ opj_image_t* pnmtoimage(const char *filename, opj_cparameters_t *parameters)
          return NULL;
      }
  
+    /* This limitation could be removed by making sure to use size_t below */
+    if (header_info.height != 0 &&
+            header_info.width > INT_MAX / header_info.height) {
+        fprintf(stderr, "pnmtoimage:Image %dx%d too big!\n",
+                header_info.width, header_info.height);
+        fclose(fp);
+        return NULL;
+    }
+
      format = header_info.format;
  
      switch (format) {
author	Young_X <YangX92@hotmail.com>
	Fri, 23 Nov 2018 07:02:26 +0000 (15:02 +0800)
committer	Young_X <YangX92@hotmail.com>
	Fri, 23 Nov 2018 09:08:56 +0000 (17:08 +0800)