Commit 6d9d6815036a6ec1792a37d42815dbc1b14b415e
1 parent
f82728be
Fix memory limit calculation in Pl_DCT to prevent potential overflow on some 32-bit systems
Showing
1 changed file
with
1 additions
and
1 deletions
libqpdf/Pl_DCT.cc
| @@ -392,7 +392,7 @@ Pl_DCT::decompress(void* cinfo_p) | @@ -392,7 +392,7 @@ Pl_DCT::decompress(void* cinfo_p) | ||
| 392 | jpeg_calc_output_dimensions(cinfo); | 392 | jpeg_calc_output_dimensions(cinfo); |
| 393 | unsigned int width = cinfo->output_width * QIntC::to_uint(cinfo->output_components); | 393 | unsigned int width = cinfo->output_width * QIntC::to_uint(cinfo->output_components); |
| 394 | if (memory_limit > 0 && | 394 | if (memory_limit > 0 && |
| 395 | - width > (static_cast<unsigned long>(memory_limit) / (20U * cinfo->output_height))) { | 395 | + width > (static_cast<unsigned long>(memory_limit / 20) / cinfo->output_height)) { |
| 396 | // Even if jpeglib does not run out of memory, qpdf will while buffering the data before | 396 | // Even if jpeglib does not run out of memory, qpdf will while buffering the data before |
| 397 | // writing it. Furthermore, for very large images runtime can be significant before the | 397 | // writing it. Furthermore, for very large images runtime can be significant before the |
| 398 | // first warning is encountered causing a timeout in oss-fuzz. | 398 | // first warning is encountered causing a timeout in oss-fuzz. |