From 8aa2fca144f938a21f2dd9d1c862c79a48d50bfc Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen
Date: Tue, 27 Sep 2016 15:39:15 +0800
Subject: Bug 697153: tiff: Image dimensions must always be bigger than 0.
---
 source/fitz/load-tiff.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'source')
diff --git a/source/fitz/load-tiff.c b/source/fitz/load-tiff.c
index e36914f1..8f548056 100644
--- a/source/fitz/load-tiff.c
+++ b/source/fitz/load-tiff.c
@@ -877,6 +877,10 @@ fz_decode_tiff_samples(fz_context *ctx, struct tiff *tiff)
 {
 unsigned i;
+ if (tiff->imagelength <= 0)
+ fz_throw(ctx, FZ_ERROR_GENERIC, "image height must be > 0");
+ if (tiff->imagewidth <= 0)
+ fz_throw(ctx, FZ_ERROR_GENERIC, "image width must be > 0");
 if (tiff->imagelength > UINT_MAX / tiff->imagewidth / (tiff->samplesperpixel + 2) / (tiff->bitspersample / 8 + 1))
 fz_throw(ctx, FZ_ERROR_GENERIC, "image dimensions might overflow");
--
cgit v1.2.3
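Review bot: The overflow guard still divides by `(tiff->samplesperpixel + 2)` without any visible range check on `samplesperpixel`, so the new width test removes only one of the possible zero divisors. If that field is an unsigned value taken straight from the file (its declaration and any earlier validation are outside this hunk, so this needs confirming), a value close to UINT_MAX wraps the sum to 0 and reaches the same division fault this commit fixes for `imagewidth`. I would bound it before the guard, for example `if (tiff->samplesperpixel == 0 || tiff->samplesperpixel > MAX_SAMPLES) fz_throw(ctx, FZ_ERROR_GENERIC, "invalid samples per pixel");`, where `MAX_SAMPLES` is a placeholder for whatever limit the decoder actually supports, and do the same for `bitspersample`. As a smaller style point, if the dimension fields are unsigned then `<= 0` only ever means `== 0`, and writing it that way would make the intent clearer. The body of fz_decode_tiff_samples continues outside the hunk.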