ref: 743d799bfd9014f9ef638634656fea21390d1444
parent: 9d1f28c1e9b8619073b36400e787eff8d84b27c3
author: Robin Watts <Robin.Watts@artifex.com>
date: Mon Feb 3 06:06:48 EST 2020
jbig2dec: Fix OSS-Fuzz issue 20493 The maximum x gbat works out as 126, where GBW is 32. This makes right = GBW - gmax huge. Clip the value to avoid problems. Thanks for OSS-Fuzz for reporting.
--- a/jbig2_generic.c
+++ b/jbig2_generic.c
@@ -1012,6 +1012,8 @@
left = -gmin;
if ((int)right < gmax)
right = gmax;
+ if (right > GBW)
+ right = GBW;
right = GBW - right;
/* So 0 <= x < left or right <= x < GBW needs bounds checking. */