Commit 3ef1be9783ca02ed8d786e0c3d4a992e00711c51
1 parent
ec7d74a3
PNGFilter: Better range checking for columns
Showing
1 changed file
with
4 additions
and
2 deletions
libqpdf/Pl_PNGFilter.cc
| 1 | #include <qpdf/Pl_PNGFilter.hh> | 1 | #include <qpdf/Pl_PNGFilter.hh> |
| 2 | #include <stdexcept> | 2 | #include <stdexcept> |
| 3 | #include <string.h> | 3 | #include <string.h> |
| 4 | +#include <limits.h> | ||
| 4 | 5 | ||
| 5 | Pl_PNGFilter::Pl_PNGFilter(char const* identifier, Pipeline* next, | 6 | Pl_PNGFilter::Pl_PNGFilter(char const* identifier, Pipeline* next, |
| 6 | action_e action, unsigned int columns, | 7 | action_e action, unsigned int columns, |
| @@ -14,9 +15,10 @@ Pl_PNGFilter::Pl_PNGFilter(char const* identifier, Pipeline* next, | @@ -14,9 +15,10 @@ Pl_PNGFilter::Pl_PNGFilter(char const* identifier, Pipeline* next, | ||
| 14 | buf2(0), | 15 | buf2(0), |
| 15 | pos(0) | 16 | pos(0) |
| 16 | { | 17 | { |
| 17 | - if (columns == 0) | 18 | + if ((columns == 0) || (columns > UINT_MAX - 1)) |
| 18 | { | 19 | { |
| 19 | - throw std::runtime_error("PNGFilter created with columns = 0"); | 20 | + throw std::runtime_error( |
| 21 | + "PNGFilter created with invalid columns value"); | ||
| 20 | } | 22 | } |
| 21 | this->buf1 = new unsigned char[columns + 1]; | 23 | this->buf1 = new unsigned char[columns + 1]; |
| 22 | this->buf2 = new unsigned char[columns + 1]; | 24 | this->buf2 = new unsigned char[columns + 1]; |