42 lines
1.5 KiB
Diff
42 lines
1.5 KiB
Diff
From fd902c6702ef81008d7c91b09a0723661c0f9201 Mon Sep 17 00:00:00 2001
|
|
From: Chris Liddell <chris.liddell@artifex.com>
|
|
Date: Thu, 1 Oct 2020 16:06:31 +0100
|
|
Subject: [PATCH] oss-fuzz 23946: Move buffer bounds check to *before* using
|
|
it!
|
|
|
|
ASCII85Decode filter: We correctly bounds check the buffer size, but dumbly
|
|
were doing so *after* we'd used the relevant indices into the buffer. Change
|
|
that order, and add another check.
|
|
---
|
|
base/sa85d.c | 6 +++---
|
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/base/sa85d.c b/base/sa85d.c
|
|
index f9fa57fed..0fbef465a 100644
|
|
--- a/base/sa85d.c
|
|
+++ b/base/sa85d.c
|
|
@@ -135,9 +135,9 @@ s_A85D_process(stream_state * st, stream_cursor_read * pr,
|
|
* So we allow CR/LF between them. */
|
|
/* PDF further relaxes the requirements and accepts bare '~'.
|
|
*/
|
|
- while ((p[i] == 13 || p[i] == 10) && (p+i <= rlimit))
|
|
+ while ((p + i <= rlimit) && (p[i] == 13 || p[i] == 10))
|
|
i++;
|
|
- if (p[i] != '>') {
|
|
+ if (p + i <= rlimit && p[i] != '>') {
|
|
if (ss->pdf_rules) {
|
|
if (p[i] == 13 || p[i] == 10) {
|
|
if (!last)
|
|
@@ -146,7 +146,7 @@ s_A85D_process(stream_state * st, stream_cursor_read * pr,
|
|
p--;
|
|
}
|
|
} else {
|
|
- if (p+i == rlimit) {
|
|
+ if (p + i == rlimit) {
|
|
if (last)
|
|
status = ERRC;
|
|
else
|
|
--
|
|
2.27.0
|
|
|