fixed buffer overrun bug in wrlib when creating or loading images

ChangeLog

@@ -20,7 +20,7 @@ Changes since version 0.80.1:
   transparency. Details in WINGs/ChangeLog.
 - Fixed problem with long, preset workspace names (Wanderlei Antonio Cavassin 
   <cavassin@conectiva.com.br>)
-- Added kinput2 bug workaround in stock WMWindowAttributes (Seiichi SATO 
+- Added kinput2 bug workaround to stock WMWindowAttributes (Seiichi SATO 
   <sato@cvs-net.co.jp>)
 - Added Belarusian translation (Ihar Viarheichyk <iverg@mail.ru>)
 - Fixed wrlib not to load braindead images with 0 sized width or height
@@ -28,6 +28,7 @@ Changes since version 0.80.1:
   with Shift key while moving windows.
 - Changed the default position display while moving a window to 'Center'.
 - Better outline when drawing balloons.
+- Fixed wrlib to not accept too large images (fixes buffer overflow)
 
 
 Changes since version 0.80.0:

wrlib/raster.c

@@ -24,6 +24,7 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
+#include <limits.h>
 #include <X11/Xlib.h>
 #include "wraster.h"
 
@@ -45,6 +46,12 @@ RCreateImage(unsigned width, unsigned height, int alpha)
     
     assert(width>0 && height>0);
     
+    /* check for too large images (cap on INT_MAX just to be sure :P) */
+    if (width > (INT_MAX/4)/height+4) {
+	RErrorCode = RERR_NOMEMORY;
+	return NULL;
+    }
+
     image = malloc(sizeof(RImage));
     if (!image) {
 	RErrorCode = RERR_NOMEMORY;