Possible integer overflow in morph_TF_map()
From https://bugs.launchpad.net/ubuntu/+source/libfprint/+bug/1745454/comments/2
- morph_TF_map() multiplies mw and mh together for memory allocations, loop bounds; I could not find any constraints on inputs for these parameters. It's possible the inputs come from within the library, I lost track at a global parameter. I think this routine should enforce reasonable sizes on these parameters before performing memory allocation and calcuating loop bounds.