jbig2dec: Add overflow detection for IAID context size.

author: Sebastian Rasmussen <sebras@gmail.com> 2019-09-15 18:12:31 +0200
committer: Sebastian Rasmussen <sebras@gmail.com> 2020-03-20 17:54:14 +0800
commit: 30842ee99923fa10a7301494fd08b998e7acf57b (patch)
tree: f7a420ff3c1b8ba5f4987a9fad61dbdc53e7fe81 /jbig2dec
parent: 17e84cb1a4903fab26b5fc5d2e4805a1097f5a33 (diff)
download: ghostpdl-30842ee99923fa10a7301494fd08b998e7acf57b.tar.gz
1 files changed, 11 insertions, 2 deletions
diff --git a/jbig2dec/jbig2_arith_iaid.c b/jbig2dec/jbig2_arith_iaid.c
index 78dc83053..bbc38a0b6 100644
--- a/jbig2dec/jbig2_arith_iaid.c
+++ b/jbig2dec/jbig2_arith_iaid.c
@@ -44,9 +44,18 @@ struct _Jbig2ArithIaidCtx {
 Jbig2ArithIaidCtx *
 jbig2_arith_iaid_ctx_new(Jbig2Ctx *ctx, int SBSYMCODELEN)
 {
-    Jbig2ArithIaidCtx *result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
-    int ctx_size = 1 << SBSYMCODELEN;
+    Jbig2ArithIaidCtx *result;
+    size_t ctx_size;
 
+    if (sizeof(ctx_size) * 8 <= SBSYMCODELEN)
+    {
+        jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "requested IAID arithmetic coding state size too large");
+        return NULL;
+    }
+
+    ctx_size = 1 << SBSYMCODELEN;
+
+    result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
     if (result == NULL) {
         jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "failed to allocate IAID arithmetic coding state");
         return NULL;
author	Sebastian Rasmussen <sebras@gmail.com>	2019-09-15 18:12:31 +0200
committer	Sebastian Rasmussen <sebras@gmail.com>	2020-03-20 17:54:14 +0800
commit	30842ee99923fa10a7301494fd08b998e7acf57b (patch)
tree	f7a420ff3c1b8ba5f4987a9fad61dbdc53e7fe81 /jbig2dec
parent	17e84cb1a4903fab26b5fc5d2e4805a1097f5a33 (diff)
download	ghostpdl-30842ee99923fa10a7301494fd08b998e7acf57b.tar.gz