From 25e8e95e38fc6d4185230a0a8bbe5497fad56587 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Tue, 4 May 2021 16:31:35 +0200
Subject: [PATCH] Check image size for 0

Resolves: #1943408
---
 djvulibre-3.5.27-check-image-size.patch | 16 ++++++++++++++++
 djvulibre.spec                          |  8 +++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 djvulibre-3.5.27-check-image-size.patch

diff --git a/djvulibre-3.5.27-check-image-size.patch b/djvulibre-3.5.27-check-image-size.patch
new file mode 100644
index 0000000..9d0d5b8
--- /dev/null
+++ b/djvulibre-3.5.27-check-image-size.patch
@@ -0,0 +1,16 @@
+diff --git a/libdjvu/IW44Image.cpp b/libdjvu/IW44Image.cpp
+index e8d4b44..aa3d554 100644
+--- a/libdjvu/IW44Image.cpp
++++ b/libdjvu/IW44Image.cpp
+@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast)
+   size_t sz = bw * bh;
+   if (sz / (size_t)bw != (size_t)bh) // multiplication overflow
+     G_THROW("IW44Image: image size exceeds maximum (corrupted file?)");
++  if (sz == 0)
++    G_THROW("IW44Image: zero size image (corrupted file?)");
+   GPBuffer<short> gdata16(data16,sz);
++  if (data16 == NULL)
++    G_THROW("IW44Image: unable to allocate image data");
+   // Copy coefficients
+   int i;
+   short *p = data16;
diff --git a/djvulibre.spec b/djvulibre.spec
index cb929a6..060d75d 100644
--- a/djvulibre.spec
+++ b/djvulibre.spec
@@ -3,7 +3,7 @@
 Summary: DjVu viewers, encoders, and utilities
 Name: djvulibre
 Version: 3.5.27
-Release: 23%{?dist}
+Release: 24%{?dist}
 License: GPLv2+
 URL: http://djvu.sourceforge.net/
 Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz
@@ -15,6 +15,7 @@ Patch4: djvulibre-3.5.27-stack-overflow.patch
 Patch5: djvulibre-3.5.27-zero-bytes-check.patch
 Patch6: djvulibre-3.5.27-export-file.patch
 Patch7: djvulibre-3.5.27-null-dereference.patch
+Patch8: djvulibre-3.5.27-check-image-size.patch
 
 Requires(post): xdg-utils
 Requires(preun): xdg-utils
@@ -74,6 +75,7 @@ Development files for DjVuLibre.
 %patch5 -p1 -b .zero-bytes-check
 %patch6 -p1 -b .export-file
 %patch7 -p1 -b .null-dereference
+%patch8 -p1 -b .check-image-size
 
 
 %build 
@@ -181,6 +183,10 @@ fi
 
 
 %changelog
+* Mon May 03 2021 Marek Kasik <mkasik@redhat.com> - 3.5.27-24
+- Check image size for 0
+- Resolves: #1943408
+
 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.27-23
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild