File: CVE-2021-40985.patch

htmldoc 1.9.3-1+deb10u4
commit f12b9666e582a8e7b70f11b28e5ffc49ad625d43
Author: Michael R Sweet <michael.r.sweet@gmail.com>
Date:   Sat Sep 11 18:12:33 2021 -0400

    Fix BMP crash bug (Issue #444)

Index: htmldoc-1.9.3/htmldoc/image.cxx
===================================================================
--- htmldoc-1.9.3.orig/htmldoc/image.cxx	2022-02-26 01:01:53.117543638 +0100
+++ htmldoc-1.9.3/htmldoc/image.cxx	2022-02-26 01:01:53.117543638 +0100
@@ -900,6 +900,9 @@
   colors_used      = (int)read_dword(fp);
   read_dword(fp);
 
+  if (img->width <= 0 || img->width > 8192 || img->height <= 0 || img->height > 8192)
+    return (-1);
+
   if (info_size > 40)
     for (info_size -= 40; info_size > 0; info_size --)
       getc(fp);
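Review bot: The added guard bounds `img->width` and `img->height` but leaves `colors_used` unchecked, although it is read from the file two lines above. The next hunk's context passes it as `fread(colormap, (size_t)colors_used, 4, fp)`, so a negative or oversized value would turn into a very large element count unless it is validated in the lines not shown between the hunks. If it is not, the same guard could be extended here, for example `if (colors_used < 0 || colors_used > 256) return (-1);`, assuming `colormap` holds 256 four-byte entries (its declaration is outside the hunk, so confirm the size). A one-line comment such as `// Reject implausible dimensions before sizing the pixel buffers` would also explain the 8192 limit. The enclosing function starts and ends outside the hunk.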
@@ -911,7 +914,7 @@
   fread(colormap, (size_t)colors_used, 4, fp);
 
   // Setup image and buffers...
-  img->depth  = gray ? 1 : 3;
+  img->depth = gray ? 1 : 3;
 
   // If this image is indexed and we are writing an encrypted PDF file, bump the use count so
   // we create an image object (Acrobat 6 bug workaround)
@@ -1061,7 +1064,7 @@
             if (bit == 0xf0)
 	    {
               if (color < 0)
-		temp = getc(fp);
+		temp = getc(fp) & 255;
 	      else
 		temp = color;