djvulibre/djvulibre-CVE-2021-32490.patch

17 lines
755 B
Diff

Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp 2020-11-20 17:57:32.000000000 +0100
+++ djvulibre-3.5.28/libdjvu/IW44Image.cpp 2021-05-11 15:14:54.034421423 +0200
@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8,
size_t sz = bw * bh;
if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
+ if (sz == 0)
+ G_THROW("IW44Image: zero size image (corrupted file?)");
GPBuffer<short> gdata16(data16,sz);
+ if (data16 == NULL)
+ G_THROW("IW44Image: unable to allocate image data");
// Copy coefficients
int i;
short *p = data16;