aboutsummaryrefslogtreecommitdiff
path: root/src/png.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/png.c')
-rw-r--r--src/png.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/png.c b/src/png.c
index 5f29553e..98211ffe 100644
--- a/src/png.c
+++ b/src/png.c
@@ -135,7 +135,8 @@ Png_datainfo_callback(png_structp png_ptr, png_infop info_ptr)
&bit_depth, &color_type, &interlace_type, NULL, NULL);
/* check max image size */
- if (abs(png->width*png->height) > IMAGE_MAX_W * IMAGE_MAX_H) {
+ if (png->width <= 0 || png->height <= 0 ||
+ png->width > (IMAGE_MAX_W * IMAGE_MAX_H) / png->height) {
MSG("Png_datainfo_callback: suspicious image size request %ldx%ld\n",
png->width, png->height);
Png_error_handling(png_ptr, "Aborting...");