Commit 3ef1be9783ca02ed8d786e0c3d4a992e00711c51
1 parent
ec7d74a3
PNGFilter: Better range checking for columns
Showing
1 changed file
with
4 additions
and
2 deletions
libqpdf/Pl_PNGFilter.cc
| 1 | 1 | #include <qpdf/Pl_PNGFilter.hh> |
| 2 | 2 | #include <stdexcept> |
| 3 | 3 | #include <string.h> |
| 4 | +#include <limits.h> | |
| 4 | 5 | |
| 5 | 6 | Pl_PNGFilter::Pl_PNGFilter(char const* identifier, Pipeline* next, |
| 6 | 7 | action_e action, unsigned int columns, |
| ... | ... | @@ -14,9 +15,10 @@ Pl_PNGFilter::Pl_PNGFilter(char const* identifier, Pipeline* next, |
| 14 | 15 | buf2(0), |
| 15 | 16 | pos(0) |
| 16 | 17 | { |
| 17 | - if (columns == 0) | |
| 18 | + if ((columns == 0) || (columns > UINT_MAX - 1)) | |
| 18 | 19 | { |
| 19 | - throw std::runtime_error("PNGFilter created with columns = 0"); | |
| 20 | + throw std::runtime_error( | |
| 21 | + "PNGFilter created with invalid columns value"); | |
| 20 | 22 | } |
| 21 | 23 | this->buf1 = new unsigned char[columns + 1]; |
| 22 | 24 | this->buf2 = new unsigned char[columns + 1]; | ... | ... |