diff options
Diffstat (limited to 'libpng/contrib/visupng')
-rw-r--r-- | libpng/contrib/visupng/PngFile.c | 6 | ||||
-rw-r--r-- | libpng/contrib/visupng/VisualPng.c | 10 |
2 files changed, 14 insertions, 2 deletions
diff --git a/libpng/contrib/visupng/PngFile.c b/libpng/contrib/visupng/PngFile.c index dcde18a3a..d46318f44 100644 --- a/libpng/contrib/visupng/PngFile.c +++ b/libpng/contrib/visupng/PngFile.c @@ -2,7 +2,7 @@ * PNGFILE.C -- Image File Functions *------------------------------------- * - * Copyright 2000, Willem van Schaik. + * Copyright 2000,2017 Willem van Schaik. * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer @@ -236,6 +236,10 @@ BOOL PngLoadImage (PTSTR pstrFileName, png_byte **ppbImageData, free (pbImageData); pbImageData = NULL; } + if ((*piHeight) > ((size_t)(-1))/ulRowBytes) { + { + png_error(png_ptr, "Visual PNG: image is too big"); + } if ((pbImageData = (png_byte *) malloc(ulRowBytes * (*piHeight) * sizeof(png_byte))) == NULL) { diff --git a/libpng/contrib/visupng/VisualPng.c b/libpng/contrib/visupng/VisualPng.c index 236525a59..20e1625fa 100644 --- a/libpng/contrib/visupng/VisualPng.c +++ b/libpng/contrib/visupng/VisualPng.c @@ -2,7 +2,7 @@ * VisualPng.C -- Shows a PNG image *------------------------------------ * - * Copyright 2000, Willem van Schaik. + * Copyright 2000,2017 Willem van Schaik. * * This code is released under the libpng license. * For conditions of distribution and use, see the disclaimer @@ -726,6 +726,10 @@ BOOL DisplayImage (HWND hwnd, BYTE **ppDib, pDib = NULL; } + if (cyWinSize > ((size_t)(-1))/wDIRowBytes) { + { + MessageBox (hwnd, TEXT ("Visual PNG: image is too big"); + } if (!(pDib = (BYTE *) malloc (sizeof(BITMAPINFOHEADER) + wDIRowBytes * cyWinSize))) { @@ -847,6 +851,10 @@ BOOL FillBitmap ( cxImgPos = (cxWinSize - cxNewSize) / 2; } + if (cyNewSize > ((size_t)(-1))/(cImgChannels * cxNewSize)) { + { + MessageBox (hwnd, TEXT ("Visual PNG: stretched image is too big"); + } pStretchedImage = malloc (cImgChannels * cxNewSize * cyNewSize); pImg = pStretchedImage; |