From eb1b1264b46f02550201e3e5856ff575fa47a0f7 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt <ejb@ql.org>
Date: Sat, 5 Oct 2013 05:51:54 -0400
Subject: Security: fix potential multiplication overflow

Better sanity check inputs to bit stream reader
---
 libqpdf/BitStream.cc | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'libqpdf/BitStream.cc')

diff --git a/libqpdf/BitStream.cc b/libqpdf/BitStream.cc
index eb511f72..14eae55d 100644
--- a/libqpdf/BitStream.cc
+++ b/libqpdf/BitStream.cc
@@ -16,6 +16,10 @@ BitStream::reset()
 {
     p = start;
     bit_offset = 7;
+    if (static_cast<unsigned int>(nbytes) > static_cast<unsigned int>(-1) / 8)
+    {
+	throw std::runtime_error("array too large for bitstream");
+    }
     bits_available = 8 * nbytes;
 }
 
-- 
cgit v1.2.3-54-g00ecf