From 6d9d6815036a6ec1792a37d42815dbc1b14b415e Mon Sep 17 00:00:00 2001
From: m-holger <m.holger@qpdf.org>
Date: Mon, 2 Mar 2026 19:18:52 +0000
Subject: [PATCH] Fix memory limit calculation in Pl_DCT to prevent potential overflow on some 32-bit systems

---
 libqpdf/Pl_DCT.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libqpdf/Pl_DCT.cc b/libqpdf/Pl_DCT.cc
index b059d30..b2cd084 100644
--- a/libqpdf/Pl_DCT.cc
+++ b/libqpdf/Pl_DCT.cc
@@ -392,7 +392,7 @@ Pl_DCT::decompress(void* cinfo_p)
     jpeg_calc_output_dimensions(cinfo);
     unsigned int width = cinfo->output_width * QIntC::to_uint(cinfo->output_components);
     if (memory_limit > 0 &&
-        width > (static_cast<unsigned long>(memory_limit) / (20U * cinfo->output_height))) {
+        width > (static_cast<unsigned long>(memory_limit / 20) / cinfo->output_height)) {
         // Even if jpeglib does not run out of memory, qpdf will while buffering the data before
         // writing it. Furthermore, for very large images runtime can be significant before the
         // first warning is encountered causing a timeout in oss-fuzz.
--
libgit2 0.21.4