djvulibre/djvulibre-CVE-2021-32490.patch

Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp	2020-11-20 17:57:32.000000000 +0100
+++ djvulibre-3.5.28/libdjvu/IW44Image.cpp	2021-05-11 15:14:54.034421423 +0200
@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8,
   size_t sz = bw * bh;
   if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
     G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
+  if (sz == 0)
+    G_THROW("IW44Image: zero size image (corrupted file?)");
   GPBuffer<short> gdata16(data16,sz);
+  if (data16 == NULL)
+    G_THROW("IW44Image: unable to allocate image data");
   // Copy coefficients
   int i;
   short *p = data16;
Sync from SUSE:ALP:Source:Standard:1.0 djvulibre revision 79fc0547f6366f68b1b3cbf5180289aa 2023-09-14 09:34:46 +02:00			`Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp`
			`===================================================================`
			`--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp 2020-11-20 17:57:32.000000000 +0100`
			`+++ djvulibre-3.5.28/libdjvu/IW44Image.cpp 2021-05-11 15:14:54.034421423 +0200`
			`@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8,`
			`size_t sz = bw * bh;`
			`if (sz / (size_t)bw != (size_t)bh) // multiplication overflow`
			`G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");`
			`+ if (sz == 0)`
			`+ G_THROW("IW44Image: zero size image (corrupted file?)");`
			`GPBuffer<short> gdata16(data16,sz);`
			`+ if (data16 == NULL)`
			`+ G_THROW("IW44Image: unable to allocate image data");`
			`// Copy coefficients`
			`int i;`
			`short *p = data16;`