From 38e0485fcd8fc3f6dbae016bf5c7508296f71cff Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Tue, 15 Aug 2006 22:53:12 +0000
Subject: [PATCH] Prevent image crash attacks.

git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@268 48356398-32a2-884e-a903-53898d9a118a
---
 library/HTMLPurifier/AttrDef/Pixels.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/library/HTMLPurifier/AttrDef/Pixels.php b/library/HTMLPurifier/AttrDef/Pixels.php
index 652b4269..98a6e18f 100644
--- a/library/HTMLPurifier/AttrDef/Pixels.php
+++ b/library/HTMLPurifier/AttrDef/Pixels.php
@@ -19,7 +19,11 @@ class HTMLPurifier_AttrDef_Pixels extends HTMLPurifier_AttrDef
 if ($int < 0) return '0';
- // could use some upper-bound checking
+ // upper-bound value, extremely high values can
+ // crash operating systems, see
+ // WARNING, above link WILL crash you if you're using Windows
+
+ if ($int > 1200) return '1200';
 return (string) $int;