author | Sebastian Rasmussen <sebras@gmail.com> | 2019-09-15 18:12:31 +0200 |
---|---|---|
committer | Sebastian Rasmussen <sebras@gmail.com> | 2020-03-20 17:54:14 +0800 |
commit | 30842ee99923fa10a7301494fd08b998e7acf57b (patch) | |
tree | f7a420ff3c1b8ba5f4987a9fad61dbdc53e7fe81 /jbig2dec | |
parent | 17e84cb1a4903fab26b5fc5d2e4805a1097f5a33 (diff) | |
download | ghostpdl-30842ee99923fa10a7301494fd08b998e7acf57b.tar.gz |
jbig2dec: Add overflow detection for IAID context size.
Diffstat (limited to 'jbig2dec')
-rw-r--r-- | jbig2dec/jbig2_arith_iaid.c | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/jbig2dec/jbig2_arith_iaid.c b/jbig2dec/jbig2_arith_iaid.c
index 78dc83053..bbc38a0b6 100644
--- a/jbig2dec/jbig2_arith_iaid.c
+++ b/jbig2dec/jbig2_arith_iaid.c
@@ -44,9 +44,18 @@ struct _Jbig2ArithIaidCtx {
 Jbig2ArithIaidCtx *
 jbig2_arith_iaid_ctx_new(Jbig2Ctx *ctx, int SBSYMCODELEN)
 {
- Jbig2ArithIaidCtx *result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
- int ctx_size = 1 << SBSYMCODELEN;
+ Jbig2ArithIaidCtx *result;
+ size_t ctx_size;
+ if (sizeof(ctx_size) * 8 <= SBSYMCODELEN)
+ {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "requested IAID arithmetic coding state size too large");
+ return NULL;
+ }
+
+ ctx_size = 1 << SBSYMCODELEN;
+
+ result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
 if (result == NULL) {
 jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "failed to allocate IAID arithmetic coding state");
 return NULL;
|
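Review bot: The shift in `ctx_size = 1 << SBSYMCODELEN;` is still evaluated in `int`, because the literal `1` is an `int` and the result is only widened to `size_t` on assignment. The new guard compares against the width of `size_t`, so on a platform with a 64-bit `size_t` and a 32-bit `int` it lets values 31 to 63 through, and shifting `1` that far is undefined behaviour, so the computed size can still be wrong for a value that passed the check. Doing the shift in the destination type closes the gap: `ctx_size = (size_t) 1 << SBSYMCODELEN;`. The guard also rejects a negative `SBSYMCODELEN` only through the implicit signed-to-unsigned conversion in the comparison, which deserves a one-line comment such as `/* negative values convert to large unsigned and are rejected here */`. The function body continues outside the hunk, so how `ctx_size` feeds the later allocation is not visible here.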