From 9484e7da3ef86a20a9ce1f4c18391ce57c08d83c Mon Sep 17 00:00:00 2001
From: uwezkhan06
Date: Tue, 14 Apr 2026 21:52:12 +0530
Subject: [PATCH] guard against size_t overflow in output pixel allocation
---
 lib/jpegli/decode.cc | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/lib/jpegli/decode.cc b/lib/jpegli/decode.cc
index baa619ab..96e0d1c8 100644
--- a/lib/jpegli/decode.cc
+++ b/lib/jpegli/decode.cc
@@ -419,8 +419,16 @@ bool IsInputReady(j_decompress_ptr cinfo) {
 bool ReadOutputPass(j_decompress_ptr cinfo) {
 jpeg_decomp_master* m = cinfo->master;
 if (!m->pixels_) {
+ if (cinfo->output_width != 0 &&
+ static_cast(cinfo->out_color_components) >
+ SIZE_MAX / cinfo->output_width) {
+ JPEGLI_ERROR("Image dimensions too large");
+ }
 size_t stride = static_cast(cinfo->out_color_components) *
 cinfo->output_width;
+ if (cinfo->output_height != 0 && stride > SIZE_MAX / cinfo->output_height) {
+ JPEGLI_ERROR("Image dimensions too large");
+ }
 size_t num_samples = cinfo->output_height * stride;
 m->pixels_ = Allocate(cinfo, num_samples, JPOOL_IMAGE);
 m->scanlines_ =
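Review bot: Both added checks reject only products that wrap `size_t`, so on a 64-bit build, where the width and height fields are presumably the 32-bit JDIMENSION values of the libjpeg API, neither condition is likely to fire and a header declaring very large dimensions still reaches `Allocate` with a multi-gigabyte `num_samples`. The second check also bounds the sample count rather than the byte size: the element type passed to `Allocate` is not visible on this page, and if it is wider than one byte the multiplication inside the allocator is not covered by this guard. Consider comparing against an explicit upper bound on decoded size in addition to `SIZE_MAX`, and add a comment above the first check such as `// Reject dimensions whose sample count would wrap size_t; relies on JPEGLI_ERROR not returning.`, since `stride` and `num_samples` are still computed if the error handler ever returns. ReadOutputPass continues past the end of the hunk, so the `m->scanlines_` allocation is not reviewed here.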