diff options
author | Jay Berkenbilt <ejb@ql.org> | 2017-08-31 13:26:58 +0200 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2017-08-31 13:26:58 +0200 |
commit | 3ef1be9783ca02ed8d786e0c3d4a992e00711c51 (patch) | |
tree | fe28f06216c6af5700453d79483879a758348873 | |
parent | ec7d74a386c0b2f38990079c3b0d2a2b30be0e71 (diff) | |
download | qpdf-3ef1be9783ca02ed8d786e0c3d4a992e00711c51.tar.zst |
PNGFilter: Better range checking for columns
-rw-r--r-- | libqpdf/Pl_PNGFilter.cc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/libqpdf/Pl_PNGFilter.cc b/libqpdf/Pl_PNGFilter.cc index 1566c8a5..78398736 100644 --- a/libqpdf/Pl_PNGFilter.cc +++ b/libqpdf/Pl_PNGFilter.cc @@ -1,6 +1,7 @@ #include <qpdf/Pl_PNGFilter.hh> #include <stdexcept> #include <string.h> +#include <limits.h> Pl_PNGFilter::Pl_PNGFilter(char const* identifier, Pipeline* next, action_e action, unsigned int columns, @@ -14,9 +15,10 @@ Pl_PNGFilter::Pl_PNGFilter(char const* identifier, Pipeline* next, buf2(0), pos(0) { - if (columns == 0) + if ((columns == 0) || (columns > UINT_MAX - 1)) { - throw std::runtime_error("PNGFilter created with columns = 0"); + throw std::runtime_error( + "PNGFilter created with invalid columns value"); } this->buf1 = new unsigned char[columns + 1]; this->buf2 = new unsigned char[columns + 1]; |