Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 2bb054c

Browse files
mdboommdboom
committed
Add some range checking based on testing in Fusil.
svn path=/trunk/matplotlib/; revision=5733
1 parent 4be1c6c commit 2bb054c

2 files changed

Lines changed: 40 additions & 7 deletions

File tree

src/_backend_agg.cpp

Lines changed: 19 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1611,10 +1611,26 @@ Py::Object _backend_agg_module::new_renderer (const Py::Tuple &args,
16111611
if ( kws.hasKey("debug") ) debug = Py::Int( kws["debug"] );
16121612
else debug=0;
16131613

1614-
int width = Py::Int(args[0]);
1615-
int height = Py::Int(args[1]);
1614+
unsigned int width = (unsigned int)Py::Int(args[0]);
1615+
unsigned int height = (unsigned int)Py::Int(args[1]);
16161616
double dpi = Py::Float(args[2]);
1617-
return Py::asObject(new RendererAgg(width, height, dpi, debug));
1617+
1618+
if (width > 1 << 15 || height > 1 << 15) {
1619+
throw Py::ValueError("width and height must each be below 32768");
1620+
}
1621+
1622+
if (dpi <= 0.0) {
1623+
throw Py::ValueError("dpi must be positive");
1624+
}
1625+
1626+
RendererAgg* renderer = NULL;
1627+
try {
1628+
renderer = new RendererAgg(width, height, dpi, debug);
1629+
} catch (std::bad_alloc) {
1630+
throw Py::RuntimeError("Could not allocate memory for image");
1631+
}
1632+
1633+
return Py::asObject(renderer);
16181634
}
16191635

16201636

src/_image.cpp

Lines changed: 21 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -708,8 +708,12 @@ _image_module::from_images(const Py::Tuple& args) {
708708

709709
args.verify_length(3);
710710

711-
size_t numrows = Py::Int(args[0]);
712-
size_t numcols = Py::Int(args[1]);
711+
size_t numrows = (size_t)Py::Int(args[0]);
712+
size_t numcols = (size_t)Py::Int(args[1]);
713+
714+
if (numrows > 1 << 15 || numcols > 1 << 15) {
715+
throw Py::RuntimeError("numrows and numcols must both be less than 32768");
716+
}
713717

714718
Py::SeqBase<Py::Object> tups = args[2];
715719
size_t N = tups.length();
@@ -1084,8 +1088,13 @@ _image_module::frombuffer(const Py::Tuple& args) {
10841088
args.verify_length(4);
10851089

10861090
PyObject *bufin = new_reference_to(args[0]);
1087-
int x = Py::Int(args[1]);
1088-
int y = Py::Int(args[2]);
1091+
size_t x = Py::Int(args[1]);
1092+
size_t y = Py::Int(args[2]);
1093+
1094+
if (x > 1 << 15 || y > 1 << 15) {
1095+
throw Py::ValueError("x and y must both be less than 32768");
1096+
}
1097+
10891098
int isoutput = Py::Int(args[3]);
10901099

10911100
if (PyObject_CheckReadBuffer(bufin) != 1)
@@ -1155,6 +1164,10 @@ _image_module::pcolor(const Py::Tuple& args) {
11551164
unsigned int cols = Py::Int(args[4]);
11561165
Py::Tuple bounds = args[5];
11571166

1167+
if (rows > 1 << 15 || cols > 1 << 15) {
1168+
throw Py::ValueError("rows and cols must both be less than 32768");
1169+
}
1170+
11581171
if (bounds.length() !=4)
11591172
throw Py::TypeError("Incorrect number of bounds (4 expected)");
11601173
float x_min = Py::Float(bounds[0]);
@@ -1391,6 +1404,10 @@ _image_module::pcolor2(const Py::Tuple& args) {
13911404
Py::Tuple bounds = args[5];
13921405
Py::Object bgp = args[6];
13931406

1407+
if (rows > 1 << 15 || cols > 1 << 15) {
1408+
throw Py::ValueError("rows and cols must both be less than 32768");
1409+
}
1410+
13941411
if (bounds.length() !=4)
13951412
throw Py::TypeError("Incorrect number of bounds (4 expected)");
13961413
double x_left = Py::Float(bounds[0]);

0 commit comments

Comments
 (0)