shithub: jbig2

Download patch

ref: a08d35b9f9c3ee075b823fa57d37ecbcc71aae97
parent: 59be9fea452d6079836e8fd6e3ae9e79c6dddcf4
author: Sebastian Rasmussen <sebras@gmail.com>
date: Tue Mar 5 13:09:20 EST 2019 

jbig2dec: Fix bug where realloc returns NULL.


--- a/jbig2_image.c
+++ b/jbig2_image.c
@@ -110,6 +110,8 @@
 jbig2_image_resize(Jbig2Ctx *ctx, Jbig2Image *image, uint32_t width, uint32_t height, int value)
 {
     if (width == image->width) {
+        uint8_t *data;
+
         /* check for integer multiplication overflow */
         if (image->height > (INT32_MAX / image->stride)) {
             jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "integer multiplication overflow during resize (stride=%u, height=%u)", image->stride, height);
@@ -116,11 +118,12 @@
             return NULL;
         }
         /* use the same stride, just change the length */
-        image->data = jbig2_renew(ctx, image->data, uint8_t, (size_t) height * image->stride);
-        if (image->data == NULL) {
+        data = jbig2_renew(ctx, image->data, uint8_t, (size_t) height * image->stride);
+        if (data == NULL) {
             jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "failed to reallocate image");
             return NULL;
         }
+        image->data = data;
         if (height > image->height) {
             const uint8_t fill = value ? 0xFF : 0x00;
             memset(image->data + (size_t) image->height * image->stride, fill, ((size_t) height - image->height) * image->stride);