author | Uli Schlachter <psychon@znc.in> | 2023-01-01 09:43:33 +0100 |
---|---|---|
committer | Uli Schlachter <psychon@znc.in> | 2023-01-01 09:43:33 +0100 |
commit | d623090b32a15df12d09f82c5da2ad65bfd5ec12 (patch) | |
tree | 8d788cab7ab4f64fe8472f8e81c28431843007f3 /src/cairo-image-info.c | |
parent | 52e964da69abe87327b77fe4e47b0da239d0e1cf (diff) | |
Fix an out of bounds read in _jbig2_get_next_segment()
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38451
Signed-off-by: Uli Schlachter <psychon@znc.in>
Diffstat (limited to 'src/cairo-image-info.c')
-rw-r--r-- | src/cairo-image-info.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/cairo-image-info.c b/src/cairo-image-info.c index f207ae887..9b5e2d2e2 100644 --- a/src/cairo-image-info.c +++ b/src/cairo-image-info.c @@ -348,6 +348,8 @@ _jbig2_get_next_segment (const unsigned char *p, num_segs = p[0] >> 5; if (num_segs == 7) { + if (p + 4 >= end) + return NULL; num_segs = get_unaligned_be32 (p) & 0x1fffffff; ref_seg_bytes = 4 + ((num_segs + 1)/8); } else { |
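Review bot: In the `num_segs == 7` branch, the new guard `if (p + 4 >= end)` forms the pointer `p + 4` before comparing it, and in C computing a pointer more than one past the end of the buffer is undefined, which is the short-input case this guard exists for. Comparing the remaining length instead, `if (end - p <= 4)`, expresses the same condition without the out-of-range pointer. The value read by `get_unaligned_be32 (p) & 0x1fffffff` comes from the input and feeds `ref_seg_bytes = 4 + ((num_segs + 1)/8)`; the visible lines do not show that result being checked against `end`, so it is worth confirming that a later check covers it. A short comment stating whether `end` points one past the last byte would also make clear why `>=` rather than `>` is intended here.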