From bb20556b6d67c7c0316912b05959b2d1e91a80df Mon Sep 17 00:00:00 2001
From: John Cupitt <jcupitt@gmail.com>
Date: Sun, 2 Feb 2020 11:13:41 +0000
Subject: [PATCH] ban ppm max_value < 0

Not allowed by spec, since pixels should be unsigned.
---
 ChangeLog                 | 1 +
 libvips/foreign/ppmload.c | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 1f8ddd3c..b0c34087 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 31/1/19 started 8.9.2
 - fix a deadlock with --vips-leak [DarthSim]
 - better gifload behaviour for DISPOSAL_UNSPECIFIED [DarthSim]
+- ban ppm max_value < 0 
 
 20/6/19 started 8.9.1
 - don't use the new source loaders for new_from_file or new_from_buffer, it
diff --git a/libvips/foreign/ppmload.c b/libvips/foreign/ppmload.c
index 78709f4b..6df91058 100644
--- a/libvips/foreign/ppmload.c
+++ b/libvips/foreign/ppmload.c
@@ -35,6 +35,8 @@
  * 	- redone with source/target
  * 	- sequential load, plus mmap for filename sources
  * 	- faster plus lower memory use
+ * 02/02/2020
+ * 	- ban max_vaue < 0 
  */
 
 /*
@@ -259,6 +261,12 @@ vips_foreign_load_ppm_parse_header( VipsForeignLoadPpm *ppm )
 			if( get_int( ppm->sbuf, &ppm->max_value ) )
 				return( -1 );
 
+			/* max_value must be > 0 and <= 65535, according to
+			 * the spec, but we allow up to 32 bits per pixel.
+			 */
+			if( ppm->max_value < 0 )
+				ppm->max_value = 0;
+
 			if( ppm->max_value > 255 )
 				ppm->bits = 16;
 			if( ppm->max_value > 65535 )