summaryrefslogtreecommitdiff
path: root/src/jpeg.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/jpeg.c')
-rw-r--r--src/jpeg.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/jpeg.c b/src/jpeg.c
index 09bdfb3d..4a5f4118 100644
--- a/src/jpeg.c
+++ b/src/jpeg.c
@@ -280,8 +280,9 @@ static void Jpeg_write(DilloJpeg *jpeg, void *Buf, uint_t BufSize)
jpeg->cinfo.buffered_image = TRUE;
/* check max image size */
- if ((uint_t)jpeg->cinfo.image_width *
- (uint_t)jpeg->cinfo.image_height > IMAGE_MAX_W * IMAGE_MAX_H) {
+ if (jpeg->cinfo.image_width <= 0 || jpeg->cinfo.image_height <= 0 ||
+ jpeg->cinfo.image_width >
+ (IMAGE_MAX_W * IMAGE_MAX_H) / jpeg->cinfo.image_height) {
MSG("Jpeg_write: suspicious image size request %ux%u\n",
(uint_t)jpeg->cinfo.image_width,
(uint_t)jpeg->cinfo.image_height);