diff options
| author | Tor Andersson <tor@ghostscript.com> | 2011-03-10 00:03:16 +0000 |
|---|---|---|
| committer | Tor Andersson <tor@ghostscript.com> | 2011-03-10 00:03:16 +0000 |
| commit | 3dfc6934f9a0e355991a021ba995686714975499 (patch) | |
| tree | 8a249dcfa3fe7aba7d14ea31f9229e4af973cfe9 /fitz/stm_read.c | |
| parent | 7a6ca333ec50269f98e4395967d1a437cf658194 (diff) | |
| download | mupdf-3dfc6934f9a0e355991a021ba995686714975499.tar.xz | |
Fix integer overflow in compression bomb multiplication by using a division instead.
Diffstat (limited to 'fitz/stm_read.c')
| -rw-r--r-- | fitz/stm_read.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fitz/stm_read.c b/fitz/stm_read.c index e5ead914..10626e5d 100644 --- a/fitz/stm_read.c +++ b/fitz/stm_read.c @@ -110,7 +110,7 @@ fz_readall(fz_buffer **bufp, fz_stream *stm, int initial) if (buf->len == buf->cap) fz_growbuffer(buf); - if (buf->len > initial * 200) + if (buf->len / 200 > initial) { fz_dropbuffer(buf); return fz_throw("compression bomb detected"); |