Image size sanity checks (part 1)

author: Jorge Arellano Cid <jcid@dillo.org> 2009-06-26 18:04:03 -0400
committer: Jorge Arellano Cid <jcid@dillo.org> 2009-06-26 18:04:03 -0400
commit: d56c2d5edcf109ef1544002d8a78e518f71db06c (patch)
tree: 0ef8d112f988eb9d14a4221e743162e1828a2c59 /src/jpeg.c
parent: eb2a6dc7f2fc0ac7cfb95b0d4f93adb363d6310d (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/jpeg.c b/src/jpeg.c
index 09bdfb3d..4a5f4118 100644
--- a/src/jpeg.c
+++ b/src/jpeg.c
@@ -280,8 +280,9 @@ static void Jpeg_write(DilloJpeg *jpeg, void *Buf, uint_t BufSize)
             jpeg->cinfo.buffered_image = TRUE;
 
          /* check max image size */
-         if ((uint_t)jpeg->cinfo.image_width *
-             (uint_t)jpeg->cinfo.image_height  > IMAGE_MAX_W * IMAGE_MAX_H) {
+         if (jpeg->cinfo.image_width <= 0 || jpeg->cinfo.image_height <= 0 ||
+             jpeg->cinfo.image_width > 
+             (IMAGE_MAX_W * IMAGE_MAX_H) / jpeg->cinfo.image_height) {
             MSG("Jpeg_write: suspicious image size request %ux%u\n",
                 (uint_t)jpeg->cinfo.image_width,
                 (uint_t)jpeg->cinfo.image_height);
author	Jorge Arellano Cid <jcid@dillo.org>	2009-06-26 18:04:03 -0400
committer	Jorge Arellano Cid <jcid@dillo.org>	2009-06-26 18:04:03 -0400
commit	d56c2d5edcf109ef1544002d8a78e518f71db06c (patch)
tree	0ef8d112f988eb9d14a4221e743162e1828a2c59 /src/jpeg.c
parent	eb2a6dc7f2fc0ac7cfb95b0d4f93adb363d6310d (diff)