diff options
author | Sebastian Rasmussen <sebras@gmail.com> | 2019-10-17 01:48:00 +0200 |
---|---|---|
committer | Sebastian Rasmussen <sebras@gmail.com> | 2020-03-20 17:56:08 +0800 |
commit | ea9b3a676a516a603fabb593085d14a67356db6f (patch) | |
tree | 54c4af5e66ac6e6470a2669140fae3219ba9e249 /base/sjbig2.c | |
parent | 92faea67b31570e84b978a77b43c8f38bdad7bd4 (diff) | |
download | ghostpdl-ea9b3a676a516a603fabb593085d14a67356db6f.tar.gz |
Bug 701721: jbig2dec: Fix under/overflow handling in arithmetic integer decoder.
The previous detection logic caused GCC's -Wlogical-op to trip.
Not only that, but the detection logic never took into account
that underflow is not possible (the worst case is V == INT32_MIN,
but offset is always > 0, so underflow cannot happen), nor take
varying offset values into account (hardcoded limits meant that
the offset was ignored even if it could not cause an overflow),
but instead could cause non-clamped values to be emitted.
This corrected logic adheres to the Annex A. Table A.1 in the specification.
Diffstat (limited to 'base/sjbig2.c')
0 files changed, 0 insertions, 0 deletions