28 lines
912 B
Diff
28 lines
912 B
Diff
--- camlimages-3.0.1.old/src/tiffread.c 2007-01-18 10:29:57.000000000 +0000
|
|
+++ camlimages-3.0.1/src/tiffread.c 2009-10-16 10:26:53.841258260 +0100
|
|
@@ -21,6 +21,13 @@
|
|
#include <caml/memory.h>
|
|
#include <caml/fail.h>
|
|
|
|
+#include <limits.h>
|
|
+#define oversized(x, y) \
|
|
+ ((x) < 0 || (y) < 0 || ((y) != 0 && (x) > INT_MAX / (y)))
|
|
+
|
|
+#define failwith_oversized(lib) \
|
|
+ failwith("#lib error: image contains oversized or bogus width and height");
|
|
+
|
|
/* These are defined in caml/config.h */
|
|
#define int16 int16tiff
|
|
#define uint16 uint16tiff
|
|
@@ -64,6 +71,10 @@
|
|
TIFFGetField(tif, TIFFTAG_YRESOLUTION, &yres);
|
|
TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric);
|
|
|
|
+ if (oversized (imagewidth, imagelength)) {
|
|
+ failwith_oversized("tiff");
|
|
+ }
|
|
+
|
|
if( imagesample == 3 && photometric == PHOTOMETRIC_RGB ){
|
|
if( imagebits != 8 ){
|
|
failwith("Sorry, tiff rgb file must be 24bit-color");
|