author | Nigel Tao <nigeltao@golang.org> | 2014-09-15 08:41:59 +1000 |
---|---|---|
committer | Nigel Tao <nigeltao@golang.org> | 2014-09-15 08:41:59 +1000 |
commit | 59a3de87634517a57dfd2648b49a22534c8c6083 (patch) | |
tree | 49fe3127ad875f06b3f3cbdf8bbbfdad3bf2f499 /src | |
parent | af9e91e0ce812fbb830e8e0e228436f11fbd6958 (diff) | |
download | go-59a3de87634517a57dfd2648b49a22534c8c6083.tar.gz |
image/jpeg: reject invalid Ta and Td values.
Fixes issue 8693.
LGTM=crawshaw
R=crawshaw
CC=golang-codereviews
https://codereview.appspot.com/141470043
Diffstat (limited to 'src')
-rw-r--r-- | src/image/jpeg/scan.go | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/image/jpeg/scan.go b/src/image/jpeg/scan.go
index 8d81b0808..2bd1d9d53 100644
--- a/src/image/jpeg/scan.go
+++ b/src/image/jpeg/scan.go
@@ -65,7 +65,13 @@ func (d *decoder) processSOS(n int) error {
 }
 scan[i].compIndex = uint8(compIndex)
 scan[i].td = d.tmp[2+2*i] >> 4
+ if scan[i].td > maxTh {
+ return FormatError("bad Td value")
+ }
 scan[i].ta = d.tmp[2+2*i] & 0x0f
+ if scan[i].ta > maxTh {
+ return FormatError("bad Ta value")
+ }
 }
 // zigStart and zigEnd are the spectral selection bounds.
|
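Review bot: The two new range checks on `scan[i].td` and `scan[i].ta` carry no comment saying what they protect. Both nibbles are taken straight from the scan-header bytes in `d.tmp`, which come from the input file. They are presumably used later as Huffman table indices, so a value above `maxTh` would index past the table array; that use is outside this hunk and should be confirmed. A comment above the first check would record the intent, for example `// td and ta select the DC and AC Huffman tables; reject selectors above maxTh before they are used as indices.` The diffstat lists only scan.go, so a regression test that decodes an SOS segment with a selector above `maxTh` and expects a `FormatError` would keep the check from being lost. The body of processSOS starts and ends outside the hunk.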