diff options
| author | Jorge Arellano Cid <jcid@dillo.org> | 2009-06-26 18:04:03 -0400 |
|---|---|---|
| committer | Jorge Arellano Cid <jcid@dillo.org> | 2009-06-26 18:04:03 -0400 |
| commit | d56c2d5edcf109ef1544002d8a78e518f71db06c (patch) | |
| tree | 0ef8d112f988eb9d14a4221e743162e1828a2c59 /src/png.c | |
| parent | eb2a6dc7f2fc0ac7cfb95b0d4f93adb363d6310d (diff) | |
Image size sanity checks (part 1)
Diffstat (limited to 'src/png.c')
| -rw-r--r-- | src/png.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -135,7 +135,8 @@ Png_datainfo_callback(png_structp png_ptr, png_infop info_ptr) &bit_depth, &color_type, &interlace_type, NULL, NULL); /* check max image size */ - if (abs(png->width*png->height) > IMAGE_MAX_W * IMAGE_MAX_H) { + if (png->width <= 0 || png->height <= 0 || + png->width > (IMAGE_MAX_W * IMAGE_MAX_H) / png->height) { MSG("Png_datainfo_callback: suspicious image size request %ldx%ld\n", png->width, png->height); Png_error_handling(png_ptr, "Aborting..."); |