38 lines
1.2 KiB
Diff
38 lines
1.2 KiB
Diff
From 30842ee99923fa10a7301494fd08b998e7acf57b Mon Sep 17 00:00:00 2001
|
|
From: Sebastian Rasmussen <sebras@gmail.com>
|
|
Date: Sun, 15 Sep 2019 18:12:31 +0200
|
|
Subject: [PATCH] jbig2dec: Add overflow detection for IAID context size.
|
|
|
|
---
|
|
jbig2dec/jbig2_arith_iaid.c | 13 +++++++++++--
|
|
1 file changed, 11 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/jbig2dec/jbig2_arith_iaid.c b/jbig2dec/jbig2_arith_iaid.c
|
|
index 78dc830..bbc38a0 100644
|
|
--- a/jbig2dec/jbig2_arith_iaid.c
|
|
+++ b/jbig2dec/jbig2_arith_iaid.c
|
|
@@ -44,9 +44,18 @@ struct _Jbig2ArithIaidCtx {
|
|
Jbig2ArithIaidCtx *
|
|
jbig2_arith_iaid_ctx_new(Jbig2Ctx *ctx, int SBSYMCODELEN)
|
|
{
|
|
- Jbig2ArithIaidCtx *result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
|
|
- int ctx_size = 1 << SBSYMCODELEN;
|
|
+ Jbig2ArithIaidCtx *result;
|
|
+ size_t ctx_size;
|
|
|
|
+ if (sizeof(ctx_size) * 8 <= SBSYMCODELEN)
|
|
+ {
|
|
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "requested IAID arithmetic coding state size too large");
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
+ ctx_size = 1 << SBSYMCODELEN;
|
|
+
|
|
+ result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
|
|
if (result == NULL) {
|
|
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "failed to allocate IAID arithmetic coding state");
|
|
return NULL;
|
|
--
|
|
1.8.3.1
|
|
|