ref: 5bc215cd78619abe678381de5a63d603dfa1bbd3
parent: 15013a4b69bb42d7268613b6c4ccb69f1a2f7cfe
author: Sebastian Rasmussen <sebras@gmail.com>
date: Tue Apr 24 09:39:07 EDT 2018
jbig2dec: Handle under-/overflow in arithmetic integer decoder.
--- a/jbig2_arith_int.c
+++ b/jbig2_arith_int.c
@@ -57,7 +57,8 @@
{
Jbig2ArithCx *IAx = actx->IAx;
int PREV = 1;
- int S, V;
+ int S;
+ int32_t V;
int bit;
int n_tail, offset;
int i;
@@ -129,7 +130,9 @@
V = (V << 1) | bit;
}
- V += offset;
+ /* make sure not to underflow/overflow 32 bit value */
+ if (V < INT32_MAX - 4436 || V > INT32_MIN + 4436)
+ V += offset;
V = S ? -V : V;
*p_result = V;
return S && V == 0 ? 1 : 0;
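Review bot: The new guard `if (V < INT32_MAX - 4436 || V > INT32_MIN + 4436)` is true for every 32-bit value, because any V that fails the first comparison necessarily passes the second, so `V += offset` still runs unguarded and the signed overflow this commit targets stays reachable. Joining the two bounds with `&&`, or testing the actual offset as `if (V <= INT32_MAX - offset)` (assuming offset is never negative, which the hunk does not show), would make the check effective. When the guard does reject, the code falls through with an un-offset V and no error, so the caller silently receives a wrong value; clamping or reporting a decode failure would be safer for values taken from an untrusted bitstream. The context line `V = (V << 1) | bit;` also shifts a signed `int32_t`, which can overflow before the guard is reached; the loop header and the function start lie outside this hunk.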