18 lines
786 B
Diff
18 lines
786 B
Diff
Index: cups-1.2.12/pdftops/Stream.cxx
|
|
===================================================================
|
|
--- cups-1.2.12.orig/pdftops/Stream.cxx
|
|
+++ cups-1.2.12/pdftops/Stream.cxx
|
|
@@ -1956,6 +1956,12 @@ void DCTStream::reset() {
|
|
// allocate a buffer for the whole image
|
|
bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth;
|
|
bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight;
|
|
+ if (bufWidth <= 0 || bufHeight <= 0 ||
|
|
+ bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) {
|
|
+ error(getPos(), "Invalid image size in DCT stream");
|
|
+ y = height;
|
|
+ return;
|
|
+ }
|
|
for (i = 0; i < numComps; ++i) {
|
|
frameBuf[i] = (int *)gmallocn(bufWidth * bufHeight, sizeof(int));
|
|
memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int));
|