fdo-mirrors/cairo
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/cairo/cairo.git synced 2026-02-04 10:40:58 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix an out of bounds read in _jbig2_get_next_segment()

Browse source 
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38451
Signed-off-by: Uli Schlachter <psychon@znc.in>
This commit is contained in:
Uli Schlachter 2023-01-01 09:43:33 +01:00
parent 52e964da69
commit d623090b32
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/cairo-image-info.c
View file

@ -348,6 +348,8 @@ _jbig2_get_next_segment (const unsigned char *p,
num_segs = p[0] >> 5;
if (num_segs == 7) {
if (p + 4 >= end)
return NULL;
num_segs = get_unaligned_be32 (p) & 0x1fffffff;
ref_seg_bytes = 4 + ((num_segs + 1)/8);
} else {