From af6c56558e35a645fa22a1a84f97d17a460b4ba1 Mon Sep 17 00:00:00 2001
From: Marti Maria
Date: Thu, 11 Apr 2024 10:53:35 +0200
Subject: [PATCH] Fix a possible overflow on crafted CGATS files we now only allow rows * colums < 200,000 items which seems reasonable
---
 src/cmscgats.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/cmscgats.c b/src/cmscgats.c
index 52b1094d..ab117e45 100644
--- a/src/cmscgats.c
+++ b/src/cmscgats.c
@@ -1684,7 +1684,8 @@ cmsBool AllocateDataSet(cmsIT8* it8)
 t-> nSamples = satoi(cmsIT8GetProperty(it8, "NUMBER_OF_FIELDS"));
 t-> nPatches = satoi(cmsIT8GetProperty(it8, "NUMBER_OF_SETS"));
- if (t -> nSamples < 0 || t->nSamples > 0x7ffe || t->nPatches < 0 || t->nPatches > 0x7ffe)
+ if (t -> nSamples < 0 || t->nSamples > 0x7ffe || t->nPatches < 0 || t->nPatches > 0x7ffe ||
+ (t->nPatches * t->nSamples) > 200000)
 {
 SynError(it8, "AllocateDataSet: too much data");
 return FALSE;
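Review bot: The added product test `(t->nPatches * t->nSamples) > 200000` is only safe because the four range tests before it short-circuit first, and nothing in the code records that dependency. With each factor already capped at 0x7ffe the multiplication stays below 2^31, but if the condition is ever reordered, a crafted NUMBER_OF_FIELDS / NUMBER_OF_SETS pair could overflow the product (the `< 0` tests suggest the fields are signed, so that would be undefined behaviour). I would add a comment such as `/* each factor is already bounded to 0x7ffe above, so the product cannot overflow */` and give the bare `200000` a named constant, so the limit is documented in one place. The test also accepts exactly 200000 cells, while the commit message says `< 200,000`; one of the two should be aligned. AllocateDataSet's body continues outside the hunk, so it cannot be confirmed here whether the allocation that follows is sized from this same product or from a slightly larger expression.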