Fix integer overflow in Imf::PreviewImage::PreviewImage, CVE-2009-1720 [1/2].
--- a/IlmImf/ImfPreviewImage.cpp
+++ b/IlmImf/ImfPreviewImage.cpp
@@ -40,6 +40,7 @@
 //-----------------------------------------------------------------------------
 #include <ImfPreviewImage.h>
+#include <climits>
 #include "Iex.h"
 namespace Imf {
@@ -51,6 +52,10 @@ PreviewImage::PreviewImage (unsigned int
 {
 _width = width;
 _height = height;
+
+ if ((_height && (_width > UINT_MAX / _height)) || (_width * _height > UINT_MAX / sizeof(PreviewRgba)))
+ throw Iex::ArgExc ("Invalid height and width.");
+
 _pixels = new PreviewRgba [_width * _height];
 if (pixels)
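Review bot: The two clauses of the added guard in the second hunk need a comment, because they bound different quantities: the first rejects a `_width * _height` that would wrap in `unsigned int` (and short-circuits on `_height == 0`, so the division is safe), while the second caps the exact product at `UINT_MAX / sizeof(PreviewRgba)` so the byte count handed to `new` cannot wrap where `size_t` is 32 bits. Suggest placing `// reject sizes whose pixel count, or pixel count * sizeof(PreviewRgba), would overflow unsigned int` above the `if`. Note that the guard only excludes arithmetic overflow: a large but non-overflowing preview still reaches `new PreviewRgba [_width * _height]` and, if memory is short, fails with std::bad_alloc rather than Iex::ArgExc, which callers catching only Iex exceptions may not expect. The constructor body continues past the end of the hunk.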