#331 Potential integer underflow in PSDParser.cpp

open
nobody
None
5
2021-07-30
2021-07-30
No

Hi,

seems I've found a potential integer underflow in PSDParser.cpp

https://github.com/WohlSoft/libFreeImage/blob/master/Source/FreeImage/PSDParser.cpp#L801
memcpy(dst_line_start, line_start, _Width * _BitPerPixel / 8);

In this line of code, observe that _Width * _BitPerPixel / 8 bytes of line_start are copied into dst_line_start.
It seems that the variable _Width may have an arbitrary integer value (see below), so that _Width * _BitPerPixel / 8 is negative, which leads to integer underflow when cast to size_t.

How _Width may contain a negative value is as follows:

https://github.com/WohlSoft/libFreeImage/blob/master/Source/FreeImage/PSDParser.cpp#L749
n = (int)io->read_proc(IntValue, sizeof(IntValue), 1, handle);
Here, 4 bytes from an external file (handle) are copied into IntValue.

https://github.com/WohlSoft/libFreeImage/blob/master/Source/FreeImage/PSDParser.cpp#L751
_Width = psdGetValue(IntValue, sizeof(_Width) );
Then, IntValue is interpreted as an integer and then passed to _Width.
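
Added example, not part of the original report and not FreeImage code: a stand-alone C sketch of the pattern described above, showing how a file-supplied 4-byte field decoded as a signed int turns the copy length into a huge size_t, next to a validated length calculation. The helper names, the 4096-byte destination capacity and the sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 4-byte big-endian width field as it could appear in a file. */
static const unsigned char SAMPLE_WIDTH_FIELD[4] = {0xFF, 0xFF, 0xFF, 0xFF};

/* Hypothetical decoder (not FreeImage's psdGetValue): big-endian bytes -> signed int. */
static int read_be32_as_int(const unsigned char b[4]) {
    uint32_t u = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
                 ((uint32_t)b[2] << 8) | (uint32_t)b[3];
    int32_t s;
    memcpy(&s, &u, sizeof s);   /* reinterpret the bits without relying on a cast */
    return s;
}

/* The reported pattern: signed int arithmetic, result converted to size_t. */
static size_t unchecked_row_bytes(int width, int bits_per_pixel) {
    return (size_t)(width * bits_per_pixel / 8);
}

/* Validated form: reject non-positive fields, widen before multiplying,
   and bound the result by the destination row capacity. */
static int checked_row_bytes(int width, int bits_per_pixel,
                             size_t dst_capacity, size_t *out) {
    if (width <= 0 || bits_per_pixel <= 0)
        return -1;
    uint64_t bytes = (uint64_t)width * (uint64_t)bits_per_pixel / 8;
    if (bytes > dst_capacity)
        return -1;
    *out = (size_t)bytes;
    return 0;
}

int main(void) {
    int width = read_be32_as_int(SAMPLE_WIDTH_FIELD);
    size_t n = 0;
    printf("decoded width: %d\n", width);
    printf("unchecked length: %zu\n", unchecked_row_bytes(width, 8));
    printf("checked result: %d\n", checked_row_bytes(width, 8, 4096, &n));
    return 0;
}
```

The checked helper is meant to run before any memcpy that uses the length; a return of -1 means the header values should be treated as a malformed file.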