avoid too big pixel sizes

author: Lode <lvandeve@gmail.com> 2014-11-20 01:47:54 +0100
committer: Lode <lvandeve@gmail.com> 2014-11-20 01:47:54 +0100
commit: 76577a213aead1da174b3afb234720438261a533 (patch)
tree: aa0b7155234f1c2ac1a085de53bc645dc6eb6cce /lodepng.cpp
parent: a2c1203a0cdafee8e89fd116f512e5d96d94d27b (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/lodepng.cpp b/lodepng.cpp
index ee9f168..0c60dc2 100644
--- a/lodepng.cpp
+++ b/lodepng.cpp
@@ -4438,6 +4438,13 @@ static void decodeGeneric(unsigned char** out, unsigned* w, unsigned* h,
   state->error = lodepng_inspect(w, h, state, in, insize); /*reads header and resets other parameters in state->info_png*/
   if(state->error) return;
 
+  size_t numpixels = *w * *h;
+  if(*h != 0 && numpixels / *h != *w)
+  {
+    state->error = 92; /*multiplication overflow*/
+    return;
+  }
+
   ucvector_init(&idat);
   chunk = &in[33]; /*first byte of the first chunk after the header*/
 
@@ -5880,6 +5887,7 @@ const char* lodepng_error_text(unsigned code)
     /*the windowsize in the LodePNGCompressSettings. Requiring POT(==> & instead of %) makes encoding 12% faster.*/
     case 90: return "windowsize must be a power of two";
     case 91: return "invalid decompressed idat size";
+    case 92: return "too many pixels, not supported";
   }
   return "unknown error code";
 }
author	Lode <lvandeve@gmail.com>	2014-11-20 01:47:54 +0100
committer	Lode <lvandeve@gmail.com>	2014-11-20 01:47:54 +0100
commit	76577a213aead1da174b3afb234720438261a533 (patch)
tree	aa0b7155234f1c2ac1a085de53bc645dc6eb6cce /lodepng.cpp
parent	a2c1203a0cdafee8e89fd116f512e5d96d94d27b (diff)