Gfx::doImage(): avoid integer overflow if width * height > INT_MAX

Related to https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66523
author: Even Rouault <even.rouault@spatialys.com> 2024-02-20 20:44:04 +0100
committer: Albert Astals Cid <aacid@kde.org> 2024-02-20 22:02:42 +0000
commit: 3d8dac5ec9f1cdedada07c4c2fc02e43d5e14f9e (patch)
tree: f4d4257ed02b5362ab18adcf6e7360587ca943a2
parent: 8d66d756dad4fbde0cd1b8b0f1ce8b08caa7a19d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/poppler/Gfx.cc b/poppler/Gfx.cc
index 03465ae7..b1a030dc 100644
--- a/poppler/Gfx.cc
+++ b/poppler/Gfx.cc
@@ -4222,7 +4222,7 @@ void Gfx::doImage(Object *ref, Stream *str, bool inlineImg)
         goto err1;
     }
 
-    if (width < 1 || height < 1) {
+    if (width < 1 || height < 1 || width > INT_MAX / height) {
         goto err1;
     }
author	Even Rouault <even.rouault@spatialys.com>	2024-02-20 20:44:04 +0100
committer	Albert Astals Cid <aacid@kde.org>	2024-02-20 22:02:42 +0000
commit	3d8dac5ec9f1cdedada07c4c2fc02e43d5e14f9e (patch)
tree	f4d4257ed02b5362ab18adcf6e7360587ca943a2
parent	8d66d756dad4fbde0cd1b8b0f1ce8b08caa7a19d (diff)