80d0f79256
Resolves: rhbz#1950141 , CVE-2019-19004
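--- a/input-bmp.c
+++ b/input-bmp.c
@@ -220,6 +220,13 @@
 * word length (32 bits == 4 bytes)
 */
 
+ unsigned long overflowTest = Bitmap_Head.biWidth * Bitmap_Head.biBitCnt;
+ if (overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) {
+ LOG("Error reading BMP file header. Width is too large\n");
+ at_exception_fatal(&exp, "Error reading BMP file header. Width is too large");
+ goto cleanup;
+ }
+
 rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4;
 
 #ifdef DEBUG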
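Review bot: The added check divides by `Bitmap_Head.biWidth` without first ruling out zero, so a header with a zero width reaches a division by zero in the `if` unless it is rejected earlier, outside this hunk. A zero product (zero width or zero `biBitCnt`) also passes the test and then hits the `- 1` in the `rowbytes` line, which wraps to a huge value if the fields are unsigned. I would reject both up front, e.g. `if (Bitmap_Head.biWidth == 0 || Bitmap_Head.biBitCnt == 0 || overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) {`. The check also only detects wraparound if the multiplication is carried out in `unsigned long`; the field types are not visible here, so if both are narrower, writing `(unsigned long)Bitmap_Head.biWidth * Bitmap_Head.biBitCnt` would make that explicit. The enclosing function begins and ends outside the hunk.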