ref: c9d7eeee85e5bad495a86f75eb926f5946693726
parent: fc94c421719bad08c24f31dc92c82a7885a21ec9
author: Sebastian Rasmussen <sebras@gmail.com>
date: Wed Mar 11 20:27:13 EDT 2020
jbig2dec: Use uint32_t when counting segments.
--- a/jbig2.c
+++ b/jbig2.c
@@ -322,9 +322,17 @@
return 0; /* need more data */
ctx->buf_rd_ix += header_size;
- if (ctx->n_segments == ctx->n_segments_max) {+ if (ctx->n_segments >= ctx->n_segments_max) {Jbig2Segment **segments;
+ if (ctx->n_segments_max == UINT32_MAX) {+ ctx->state = JBIG2_FILE_EOF;
+ return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "too many segments in jbig2 image");
+ }
+ else if (ctx->n_segments_max > (UINT32_MAX >> 2)) {+ ctx->n_segments_max = UINT32_MAX;
+ }
+
segments = jbig2_renew(ctx, ctx->segments, Jbig2Segment *, (ctx->n_segments_max <<= 2));
if (segments == NULL) {ctx->state = JBIG2_FILE_EOF;
@@ -332,7 +340,6 @@
}
ctx->segments = segments;
}
-
ctx->segments[ctx->n_segments++] = segment;
if (ctx->state == JBIG2_FILE_RANDOM_HEADERS) {--- a/jbig2_priv.h
+++ b/jbig2_priv.h
@@ -94,10 +94,10 @@
uint8_t file_header_flags;
uint32_t n_pages;
- int n_segments_max;
+ uint32_t n_segments_max;
Jbig2Segment **segments;
- int n_segments; /* index of last segment header parsed */
- int segment_index; /* index of last segment body parsed */
+ uint32_t n_segments; /* index of last segment header parsed */
+ uint32_t segment_index; /* index of last segment body parsed */
/* list of decoded pages, including the one in progress,
currently stored as a contiguous, 0-indexed array. */