Sophie: djvulibre-3.5.28-1.1.mga8 src

djvulibre-3.5.28-1.1.mga8.src.rpm

Info
Deps
Files
Scripts
ChangeLog
Location
Others versions
Analyse

From: "Barak A. Pearlmutter" <barak+git@pearlmutter.net>
Date: Mon, 10 May 2021 15:50:19 +0100
Subject: djvulibre-fedora Patch12
 djvulibre-3.5.27-unsigned-short-overflow.patch

---
 libdjvu/GBitmap.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
index c2fdbe4..3d552a6 100644
--- a/libdjvu/GBitmap.cpp
+++ b/libdjvu/GBitmap.cpp
@@ -69,6 +69,7 @@
 #include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
+#include <limits.h>
 
 // - Author: Leon Bottou, 05/1997
 
@@ -1284,6 +1285,8 @@ GBitmap::decode(unsigned char *runs)
   // initialize pixel array
   if (nrows==0 || ncolumns==0)
     G_THROW( ERR_MSG("GBitmap.not_init") );
+  if (ncolumns > USHRT_MAX - border)
+    G_THROW("GBitmap: row size exceeds maximum (corrupted file?)");
   bytes_per_row = ncolumns + border;
   if (runs==0)
     G_THROW( ERR_MSG("GBitmap.null_arg") );