From 0fa4cf8a86d7f23a3e8336343c1895aa634fdc76 Mon Sep 17 00:00:00 2001
From: chenk <chenk@apical.com.cn>
Date: Wed, 2 Jun 2021 09:51:55 +0800
Subject: [PATCH] fix issue #38.

---
 src/bmp.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/bmp.c b/src/bmp.c
index 62de954..eb8fa6e 100644
--- a/src/bmp.c
+++ b/src/bmp.c
@@ -41,6 +41,10 @@ int bmp_load(BMP *pb, char *file)
     pb->width  = (int)header.biWidth  > 0 ? (int)header.biWidth  : 0;
     pb->height = (int)header.biHeight > 0 ? (int)header.biHeight : 0;
     pb->stride = ALIGN(pb->width * 3, 4);
+    if ((long long)pb->stride * pb->height >= 0x80000000) {
+        printf("bmp's width * height is out of range !\n");
+        goto done;
+    }
     pb->pdata  = malloc((size_t)pb->stride * pb->height);
     if (pb->pdata) {
         pdata  = (BYTE*)pb->pdata + pb->stride * pb->height;
@@ -50,7 +54,8 @@ int bmp_load(BMP *pb, char *file)
         }
     }
 
-    fclose(fp);
+done:
+    if (fp) fclose(fp);
     return pb->pdata ? 0 : -1;
 }