djvulibre/djvulibre-CVE-2021-32493.patch

--- a/libdjvu/GBitmap.cpp	
+++ a/libdjvu/GBitmap.cpp	
@@ -69,6 +69,7 @@ 
 #include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
+#include <climits>
 
 // - Author: Leon Bottou, 05/1997
 
@@ -1284,6 +1285,8 @@ GBitmap::decode(unsigned char *runs)
   // initialize pixel array
   if (nrows==0 || ncolumns==0)
     G_THROW( ERR_MSG("GBitmap.not_init") );
+  if (ncolumns > USHRT_MAX - border)
+    G_THROW("GBitmap: row size exceeds maximum (corrupted file?)");
   bytes_per_row = ncolumns + border;
   if (runs==0)
     G_THROW( ERR_MSG("GBitmap.null_arg") );