ref: 1369359f21a1c8a055cc745f920b17fbc3f30efd
parent: e740c549e59a3a58dca615478dc5dcee3fb915d8
author: Mistry <smistry@trl.co.uk>
date: Wed May 18 17:36:43 EDT 2016
Bug 696786 : Prevent checking too early for buffer overrun. The code has reached near the end of the buffer, so you cannot just take the last 4 bytes; in this case you have to read any remaining bytes and make a return value based on them. In this edge case you have no bytes to read, so the return value is zero.
--- a/jbig2.c
+++ b/jbig2.c
@@ -387,7 +387,7 @@
if (offset + 4 < z->size)
result = (data[offset] << 24) | (data[offset + 1] << 16) | (data[offset + 2] << 8) | data[offset + 3];
- else if (offset >= z->size)
+ else if (offset > z->size)
return -1;
else {
int i;
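Review bot: The visible bounds checks only guard the upper end of the buffer, so a small negative `offset` can still reach the four-byte read. The declarations of `offset` and `z->size` are outside the hunk, but if `offset` is signed, a value in the range -4 to -1 satisfies `offset + 4 < z->size` and indexes before `data`; the relaxed `offset > z->size` test is never reached in that case. An explicit `if (offset < 0) return -1;` ahead of the first branch would close that gap. Separately, `offset == z->size` now falls into the `else` branch, whose byte loop lies beyond the hunk and must be bounded by `z->size - offset` so that it runs zero times. A comment on the changed line, such as `/* offset == size is valid: no bytes remain, the word is zero */`, would record why `>=` became `>`.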