Blame SOURCES/autotrace-0.31.1-CVE-2019-19004.patch

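--- a/input-bmp.c
+++ b/input-bmp.c
@@ -220,6 +220,13 @@
    * word length (32 bits == 4 bytes)
    */
 
+  unsigned long overflowTest = Bitmap_Head.biWidth * Bitmap_Head.biBitCnt;
+  if (overflowTest / Bitmap_Head.biWidth != Bitmap_Head.biBitCnt) {
+    LOG("Error reading BMP file header. Width is too large\n");
+    at_exception_fatal(&exp, "Error reading BMP file header. Width is too large");
+    goto cleanup;
+  }
+
   rowbytes= ( (Bitmap_Head.biWidth * Bitmap_Head.biBitCnt - 1) / 32) * 4 + 4;  
 
 #ifdef DEBUG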
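Review bot: The added guard divides by `Bitmap_Head.biWidth` before anything visible in the hunk has rejected a zero width, so a header with a biWidth of 0 turns the overflow test itself into a division by zero. The test also runs after the multiplication and only detects wrap-around at the width of `unsigned long`; where that type is wider than the header fields the product never wraps, yet the result can still exceed what `rowbytes` can hold (its declaration is outside the hunk, so this is inferred). A pre-multiplication check covers both cases: `if (Bitmap_Head.biWidth == 0 || Bitmap_Head.biBitCnt == 0 || Bitmap_Head.biWidth > ROWBITS_MAX / Bitmap_Head.biBitCnt) {`, where ROWBITS_MAX is a placeholder for the largest bit count that the type of rowbytes can represent after the `/ 32 * 4 + 4` rounding. Rejecting a zero biBitCnt also keeps the `- 1` in the rowbytes expression from wrapping on a zero product. The enclosing function starts and ends outside the hunk.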