Overview

File djvulibre-CVE-2021-32490,46310.patch of Package djvulibre.30379

Index: djvulibre-3.5.25/libdjvu/IW44Image.cpp
===================================================================
--- djvulibre-3.5.25.orig/libdjvu/IW44Image.cpp
+++ djvulibre-3.5.25/libdjvu/IW44Image.cpp
@@ -684,7 +684,12 @@ IW44Image::Map::image(signed char *img8,
 {
   // Allocate reconstruction buffer
   short *data16;
-  GPBuffer<short> gdata16(data16,bw*bh);
+  size_t sz = bw * bh;
+  if (sz == 0) // bw or bh is zero
+    G_THROW("IW44Image: zero size image (corrupted file?)");
+  if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
+    G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
+  GPBuffer<short> gdata16(data16,sz);
   // Copy coefficients
   int i;
   short *p = data16;
openSUSE Build Service is sponsored by
Places