Overview

File djvulibre-CVE-2021-32490.patch of Package djvulibre

Index: djvulibre-3.5.27/libdjvu/IW44Image.cpp
===================================================================
--- djvulibre-3.5.27.orig/libdjvu/IW44Image.cpp	2014-08-01 04:33:59.000000000 +0200
+++ djvulibre-3.5.27/libdjvu/IW44Image.cpp	2021-05-11 15:14:31.834298479 +0200
@@ -687,7 +687,11 @@ IW44Image::Map::image(signed char *img8,
   size_t sz = bw * bh;
   if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
     G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
+  if (sz == 0)
+    G_THROW("IW44Image: zero size image (corrupted file?)");
   GPBuffer<short> gdata16(data16,sz);
+  if (data16 == NULL)
+    G_THROW("IW44Image: unable to allocate image data");
   // Copy coefficients
   int i;
   short *p = data16;
openSUSE Build Service is sponsored by
Places