diff options
| author | Sebastian Rasmussen <sebras@gmail.com> | 2016-09-27 15:39:15 +0800 |
|---|---|---|
| committer | Sebastian Rasmussen <sebras@gmail.com> | 2016-09-27 20:04:04 +0800 |
| commit | 8aa2fca144f938a21f2dd9d1c862c79a48d50bfc (patch) | |
| tree | f7d5f8a8dfac97de8a517b13a6d1e5af4f86ddb8 /source | |
| parent | 2945b540908b2c05cc730335829726675028475b (diff) | |
| download | mupdf-8aa2fca144f938a21f2dd9d1c862c79a48d50bfc.tar.xz | |
Bug 697153: tiff: Image dimensions must always be bigger than 0.
Diffstat (limited to 'source')
| -rw-r--r-- | source/fitz/load-tiff.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/source/fitz/load-tiff.c b/source/fitz/load-tiff.c index e36914f1..8f548056 100644 --- a/source/fitz/load-tiff.c +++ b/source/fitz/load-tiff.c @@ -877,6 +877,10 @@ fz_decode_tiff_samples(fz_context *ctx, struct tiff *tiff) { unsigned i; + if (tiff->imagelength <= 0) + fz_throw(ctx, FZ_ERROR_GENERIC, "image height must be > 0"); + if (tiff->imagewidth <= 0) + fz_throw(ctx, FZ_ERROR_GENERIC, "image width must be > 0"); if (tiff->imagelength > UINT_MAX / tiff->imagewidth / (tiff->samplesperpixel + 2) / (tiff->bitspersample / 8 + 1)) fz_throw(ctx, FZ_ERROR_GENERIC, "image dimensions might overflow"); |