[cairo-commit] 2 commits - src/cairo-image-info.c
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Mon Jan 2 09:04:02 UTC 2023
src/cairo-image-info.c | 2 ++
1 file changed, 2 insertions(+)
New commits:
commit d9008ff8c1847217ae3d6557dc8e47aa24560f30
Merge: 52e964da6 d623090b3
Author: Uli Schlachter <psychon at znc.in>
Date: Mon Jan 2 09:04:00 2023 +0000
Merge branch 'jbig2-out-of-bounds-read' into 'master'
Fix an out of bounds read in _jbig2_get_next_segment()
See merge request cairo/cairo!386
commit d623090b32a15df12d09f82c5da2ad65bfd5ec12
Author: Uli Schlachter <psychon at znc.in>
Date: Sun Jan 1 09:43:33 2023 +0100
Fix an out of bounds read in _jbig2_get_next_segment()
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38451
Signed-off-by: Uli Schlachter <psychon at znc.in>
diff --git a/src/cairo-image-info.c b/src/cairo-image-info.c
index f207ae887..9b5e2d2e2 100644
--- a/src/cairo-image-info.c
+++ b/src/cairo-image-info.c
@@ -348,6 +348,8 @@ _jbig2_get_next_segment (const unsigned char *p,
num_segs = p[0] >> 5;
if (num_segs == 7) {
+ if (p + 4 >= end)
+ return NULL;
num_segs = get_unaligned_be32 (p) & 0x1fffffff;
ref_seg_bytes = 4 + ((num_segs + 1)/8);
} else {
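Review bot: The added guard `if (p + 4 >= end)` tests the bound by pointer addition, so when fewer than 4 bytes remain it forms a pointer beyond the end of the buffer before comparing, assuming `end` is the one-past-the-end pointer. That is undefined behaviour in C even though the pointer is never dereferenced. Writing it as a remaining-length comparison, `if (end - p <= 4)`, keeps the same condition without that problem. A short comment would also help explain why `>=` is used rather than `>`: `get_unaligned_be32 (p)` only needs 4 bytes, so the stricter test presumably accounts for the referred-to-segment bytes that must follow (`ref_seg_bytes` is at least 4 here). Two things the visible lines do not show and are worth confirming in the rest of the function: that `p < end` is established before the `p[0]` read on the context line above, and that `ref_seg_bytes`, which derives from an attacker-controlled 29-bit `num_segs`, is checked against `end` before `p` is advanced by it.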