Description: Prevent checking too early for buffer overrun The code has reached near the end of the buffer so you can not just take the last 4 bytes, in this case you have to read any remaining bytes and make a return value based on that, in this edge case you have no bytes to read so the return value is zero. Origin: git://git.ghostscript.com/jbig2dec.git;a=commit;h=1369359 Author: Mistry <smistry@trl.co.uk> Bug: http://bugs.ghostscript.com/show_bug.cgi?id=696786 Forwarded: yes Last-Update: 2016-08-23 --- a/jbig2.c +++ b/jbig2.c @@ -387,7 +387,7 @@ if (offset + 4 < z->size) result = (data[offset] << 24) | (data[offset + 1] << 16) | (data[offset + 2] << 8) | data[offset + 3]; - else if (offset >= z->size) + else if (offset > z->size) return -1; else { int i;