djvulibre/djvulibre-CVE-2021-46310.patch

18 lines
781 B
Diff
Raw Normal View History

Index: djvulibre-3.5.28/libdjvu/IW44Image.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44Image.cpp
+++ djvulibre-3.5.28/libdjvu/IW44Image.cpp
@@ -676,10 +676,10 @@ IW44Image::Map::image(signed char *img8,
// Allocate reconstruction buffer
short *data16;
size_t sz = bw * bh;
+ if (sz == 0) // bw or bh is zero
+ G_THROW("IW44Image: zero size image (corrupted file?)");
if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
- if (sz == 0)
- G_THROW("IW44Image: zero size image (corrupted file?)");
GPBuffer<short> gdata16(data16,sz);
if (data16 == NULL)
G_THROW("IW44Image: unable to allocate image data");