author | Even Rouault <even.rouault@spatialys.com> | 2024-02-20 20:44:04 +0100 |
---|---|---|
committer | Albert Astals Cid <aacid@kde.org> | 2024-02-20 22:02:42 +0000 |
commit | 3d8dac5ec9f1cdedada07c4c2fc02e43d5e14f9e (patch) | |
tree | f4d4257ed02b5362ab18adcf6e7360587ca943a2 | |
parent | 8d66d756dad4fbde0cd1b8b0f1ce8b08caa7a19d (diff) |
Gfx::doImage(): avoid integer overflow if width * height > INT_MAX
Related to https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66523
-rw-r--r-- | poppler/Gfx.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/poppler/Gfx.cc b/poppler/Gfx.cc
index 03465ae7..b1a030dc 100644
--- a/poppler/Gfx.cc
+++ b/poppler/Gfx.cc
@@ -4222,7 +4222,7 @@ void Gfx::doImage(Object *ref, Stream *str, bool inlineImg)
 goto err1;
 }
- if (width < 1 || height < 1) {
+ if (width < 1 || height < 1 || width > INT_MAX / height) {
 goto err1;
 }
 |
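Review bot: The new guard `width > INT_MAX / height` only guarantees that width * height itself fits in an int, and nothing at the check says which later computation it protects. Any expression further down doImage() that scales that product again (by a component count or bits per component, for instance) would need its own bound; that code is outside this hunk, so this is something to confirm rather than a known defect. The division is safe only because `height < 1` is tested earlier in the same `||` chain, which deserves a comment so a later reordering cannot introduce a divide-by-zero, e.g. `// height >= 1 here (tested first), so the division is safe; rejects width * height > INT_MAX`. doImage() starts and ends outside the hunk.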