summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/gif.c2
-rw-r--r--src/html.cc2
-rw-r--r--src/image.hh4
-rw-r--r--src/jpeg.c2
-rw-r--r--src/png.c2
5 files changed, 5 insertions, 7 deletions
diff --git a/src/gif.c b/src/gif.c
index 4a2bb847..3df83d20 100644
--- a/src/gif.c
+++ b/src/gif.c
@@ -815,7 +815,7 @@ static size_t Gif_do_img_desc(DilloGif *gif, void *Buf,
/* check max image size */
if (gif->Width <= 0 || gif->Height <= 0 ||
- gif->Width > (IMAGE_MAX_W * IMAGE_MAX_H) / gif->Height) {
+ gif->Width > IMAGE_MAX_AREA / gif->Height) {
MSG("Gif_do_img_desc: suspicious image size request %ux%u\n",
gif->Width, gif->Height);
gif->state = 999;
diff --git a/src/html.cc b/src/html.cc
index 493290ff..f05beb51 100644
--- a/src/html.cc
+++ b/src/html.cc
@@ -1984,7 +1984,7 @@ DilloImage *a_Html_image_new(DilloHtml *html, const char *tag,
h = (int) (CSS_LENGTH_TYPE(l_h) == CSS_LENGTH_TYPE_PX ?
CSS_LENGTH_VALUE(l_h) : 0);
}
- if (w < 0 || h < 0 || abs(w*h) > IMAGE_MAX_W * IMAGE_MAX_H) {
+ if (w < 0 || h < 0 || abs(w*h) > IMAGE_MAX_AREA) {
dFree(width_ptr);
dFree(height_ptr);
width_ptr = height_ptr = NULL;
diff --git a/src/image.hh b/src/image.hh
index 8291ffb4..530e71f2 100644
--- a/src/image.hh
+++ b/src/image.hh
@@ -17,9 +17,7 @@ extern "C" {
*/
/* Arbitrary maximum for image size (to avoid image size-crafting attacks). */
-#define IMAGE_MAX_W 6000
-#define IMAGE_MAX_H 6000
-
+#define IMAGE_MAX_AREA (6000 * 6000)
/*
* Types
diff --git a/src/jpeg.c b/src/jpeg.c
index 4a5f4118..b73a1672 100644
--- a/src/jpeg.c
+++ b/src/jpeg.c
@@ -282,7 +282,7 @@ static void Jpeg_write(DilloJpeg *jpeg, void *Buf, uint_t BufSize)
/* check max image size */
if (jpeg->cinfo.image_width <= 0 || jpeg->cinfo.image_height <= 0 ||
jpeg->cinfo.image_width >
- (IMAGE_MAX_W * IMAGE_MAX_H) / jpeg->cinfo.image_height) {
+ IMAGE_MAX_AREA / jpeg->cinfo.image_height) {
MSG("Jpeg_write: suspicious image size request %ux%u\n",
(uint_t)jpeg->cinfo.image_width,
(uint_t)jpeg->cinfo.image_height);
diff --git a/src/png.c b/src/png.c
index 98211ffe..353ebaa3 100644
--- a/src/png.c
+++ b/src/png.c
@@ -136,7 +136,7 @@ Png_datainfo_callback(png_structp png_ptr, png_infop info_ptr)
/* check max image size */
if (png->width <= 0 || png->height <= 0 ||
- png->width > (IMAGE_MAX_W * IMAGE_MAX_H) / png->height) {
+ png->width > IMAGE_MAX_AREA / png->height) {
MSG("Png_datainfo_callback: suspicious image size request %ldx%ld\n",
png->width, png->height);
Png_error_handling(png_ptr, "Aborting...");