From fd902c6702ef81008d7c91b09a0723661c0f9201 Mon Sep 17 00:00:00 2001
From: Chris Liddell
Date: Thu, 1 Oct 2020 16:06:31 +0100
Subject: [PATCH] oss-fuzz 23946: Move buffer bounds check to *before* using it! ASCII85Decode filter: We correctly bounds check the buffer size, but dumbly were doing so *after* we'd used the relevant indices into the buffer. Change that order, and add another check.
---
 base/sa85d.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/base/sa85d.c b/base/sa85d.c
index f9fa57fed..0fbef465a 100644
--- a/base/sa85d.c
+++ b/base/sa85d.c
@@ -135,9 +135,9 @@ s_A85D_process(stream_state * st, stream_cursor_read * pr,
 * So we allow CR/LF between them. */
 /* PDF further relaxes the requirements and accepts bare '~'. */
- while ((p[i] == 13 || p[i] == 10) && (p+i <= rlimit))
+ while ((p + i <= rlimit) && (p[i] == 13 || p[i] == 10))
 i++;
- if (p[i] != '>') {
+ if (p + i <= rlimit && p[i] != '>') {
 if (ss->pdf_rules) {
 if (p[i] == 13 || p[i] == 10) {
 if (!last)
@@ -146,7 +146,7 @@ s_A85D_process(stream_state * st, stream_cursor_read * pr,
 p--;
 }
 } else {
- if (p+i == rlimit) {
+ if (p + i == rlimit) {
 if (last)
 status = ERRC;
 else
--
2.27.0
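Review bot: When the CR/LF loop stops because `p + i > rlimit`, the new guard `if (p + i <= rlimit && p[i] != '>')` is simply false, so running out of input takes the same path as actually finding `>`; that path lies below the hunk, so what it then does with `p` and `i` cannot be checked from here. The guard also appears to make the inner `p[i] == 13 || p[i] == 10` test under `ss->pdf_rules` unreachable, because with `p + i <= rlimit` the loop can only have stopped on a byte that is not CR/LF, so the `if (!last)` handling beneath it is no longer reached. I would handle exhaustion explicitly ahead of this `if`, with a branch on `p + i > rlimit` that decides on `last` the way the existing `p + i == rlimit` branch does, and give it a comment such as `/* ran out of input before seeing '>' */`. The body of s_A85D_process starts and ends outside the hunk.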