Index: djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
===================================================================
--- djvulibre-3.5.28.orig/libdjvu/IW44EncodeCodec.cpp
+++ djvulibre-3.5.28/libdjvu/IW44EncodeCodec.cpp
@@ -1424,7 +1424,12 @@ IWBitmap::Encode::init(const GBitmap &bm
int h = bm.rows();
int g = bm.get_grays()-1;
signed char *buffer;
- GPBuffer<signed char> gbuffer(buffer,w*h);
+ size_t sz = w * h;
+ if (sz == 0 || g <= 0) // w or h is zero or g is not positive
+ G_THROW("IWBitmap: zero size image (corrupted file?)");
+ if (sz / (size_t)w != (size_t)h) // multiplication overflow
+ G_THROW("IWBitmap: image size exceeds maximum (corrupted file?)");
+ GPBuffer<signed char> gbuffer(buffer,sz);
// Prepare gray level conversion table
signed char bconv[256];
for (i=0; i<256; i++)