Fix a possible overflow on crafted CGATS files

we now only allow rows * colums < 200,000 items which seems reasonable
mm2 · Apr 11, 2024 · af6c565 · af6c565
1 parent 4635588
commit af6c565
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/cmscgats.c b/src/cmscgats.c
@@ -1684,7 +1684,8 @@ cmsBool AllocateDataSet(cmsIT8* it8)
     t-> nSamples   = satoi(cmsIT8GetProperty(it8, "NUMBER_OF_FIELDS"));
     t-> nPatches   = satoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS"));
 
-    if (t -> nSamples < 0 || t->nSamples > 0x7ffe || t->nPatches < 0 || t->nPatches > 0x7ffe)
+    if (t -> nSamples < 0 || t->nSamples > 0x7ffe || t->nPatches < 0 || t->nPatches > 0x7ffe || 
+        (t->nPatches * t->nSamples) > 200000)
     {
         SynError(it8, "AllocateDataSet: too much data");
         return FALSE;