changeset 1202:f77f7973534e

use IMAGE_MAX_AREA instead of IMAGE_MAX_W and IMAGE_MAX_H
author Johannes Hofmann <Johannes.Hofmann@gmx.de>
date Mon, 29 Jun 2009 18:59:45 +0200
parents cabde55d0e05
children 35b44dd22e08
files src/gif.c src/html.cc src/image.hh src/jpeg.c src/png.c
diffstat 5 files changed, 5 insertions(+), 7 deletions(-) [+]
--- a/src/gif.c	Sat Jun 27 14:45:41 2009 +0000
+++ b/src/gif.c	Mon Jun 29 18:59:45 2009 +0200
@@ -815,7 +815,7 @@
 
    /* check max image size */
    if (gif->Width <= 0 || gif->Height <= 0 ||
-       gif->Width > (IMAGE_MAX_W * IMAGE_MAX_H) / gif->Height) {
+       gif->Width > IMAGE_MAX_AREA / gif->Height) {
       MSG("Gif_do_img_desc: suspicious image size request %ux%u\n",
           gif->Width, gif->Height);
       gif->state = 999;
--- a/src/html.cc	Sat Jun 27 14:45:41 2009 +0000
+++ b/src/html.cc	Mon Jun 29 18:59:45 2009 +0200
@@ -1984,7 +1984,7 @@
       h = (int) (CSS_LENGTH_TYPE(l_h) == CSS_LENGTH_TYPE_PX ?
                  CSS_LENGTH_VALUE(l_h) : 0);
    }
-   if (w < 0 || h < 0 || abs(w*h) > IMAGE_MAX_W * IMAGE_MAX_H) {
+   if (w < 0 || h < 0 || abs(w*h) > IMAGE_MAX_AREA) {
       dFree(width_ptr);
       dFree(height_ptr);
       width_ptr = height_ptr = NULL;
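Review bot: The product `w*h` in the new condition is computed in `int` before it is compared with `IMAGE_MAX_AREA`, so large values (which appear to come from the page's width/height attributes) can overflow. Signed overflow is undefined behaviour, the result may wrap to a value that passes the limit, and `abs()` does not repair it. The gif.c, jpeg.c and png.c checks in this same changeset avoid the multiplication by dividing, and the same form works here: `if (w < 0 || h < 0 || (h > 0 && w > IMAGE_MAX_AREA / h)) {`. This assumes `w` is an `int` like `h`, whose cast is visible just above. The enclosing function starts and ends outside the hunk.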
--- a/src/image.hh	Sat Jun 27 14:45:41 2009 +0000
+++ b/src/image.hh	Mon Jun 29 18:59:45 2009 +0200
@@ -17,9 +17,7 @@
  */
 
 /* Arbitrary maximum for image size (to avoid image size-crafting attacks). */
-#define IMAGE_MAX_W  6000
-#define IMAGE_MAX_H  6000
-
+#define IMAGE_MAX_AREA (6000 * 6000)
 
 /*
  * Types
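Review bot: The comment above `IMAGE_MAX_AREA` still says "image size", but the macro is now a pixel-count limit. The checks in gif.c, jpeg.c and png.c bound only the product of width and height, so an image with one very large dimension and a small other one still passes. I would state that at the definition so later callers do not read it as a per-dimension or byte limit: `/* Arbitrary maximum image area in pixels (width * height), to avoid image size-crafting attacks. Bounds the product only; byte-size computations derived from it must still be checked for overflow. */`.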
--- a/src/jpeg.c	Sat Jun 27 14:45:41 2009 +0000
+++ b/src/jpeg.c	Mon Jun 29 18:59:45 2009 +0200
@@ -282,7 +282,7 @@
          /* check max image size */
          if (jpeg->cinfo.image_width <= 0 || jpeg->cinfo.image_height <= 0 ||
              jpeg->cinfo.image_width > 
-             (IMAGE_MAX_W * IMAGE_MAX_H) / jpeg->cinfo.image_height) {
+             IMAGE_MAX_AREA / jpeg->cinfo.image_height) {
             MSG("Jpeg_write: suspicious image size request %ux%u\n",
                 (uint_t)jpeg->cinfo.image_width,
                 (uint_t)jpeg->cinfo.image_height);
--- a/src/png.c	Sat Jun 27 14:45:41 2009 +0000
+++ b/src/png.c	Mon Jun 29 18:59:45 2009 +0200
@@ -136,7 +136,7 @@
 
    /* check max image size */
    if (png->width <= 0 || png->height <= 0 ||
-       png->width > (IMAGE_MAX_W * IMAGE_MAX_H) / png->height) {
+       png->width > IMAGE_MAX_AREA / png->height) {
       MSG("Png_datainfo_callback: suspicious image size request %ldx%ld\n",
           png->width, png->height);
       Png_error_handling(png_ptr, "Aborting...");