Description: Prevent checking too early for buffer overrun
The code has reached near the end of the buffer so you can not just
take the last 4 bytes, in this case you have to read any remaining
bytes and make a return value based on that, in this edge case you have
no bytes to read so the return value is zero.
Origin: git://git.ghostscript.com/jbig2dec.git;a=commit;h=1369359
Author: Mistry <smistry@trl.co.uk>
Bug: http://bugs.ghostscript.com/show_bug.cgi?id=696786
Forwarded: yes
Last-Update: 2016-08-23
--- a/jbig2.c
+++ b/jbig2.c
@@ -387,7 +387,7 @@
if (offset + 4 < z->size)
result = (data[offset] << 24) | (data[offset + 1] << 16) | (data[offset + 2] << 8) | data[offset + 3];
- else if (offset >= z->size)
+ else if (offset > z->size)
return -1;
else {
int i;
distrib
>
Mageia
>
5
>
x86_64
>
media
>
core-updates-src
>
by-pkgid
>
837d2789bebf92ac90524dd616883724
>
files
>
1
