ref: 7d4b97ec8e94875d05f2344b71691e8ecb77e71c
parent: 787ec89da97329210578b4760c674d2bd7766ee2
author: Julian Smith <jules@op59.net>
date: Tue Nov 12 10:51:23 EST 2019
jbig2_hd_new(): return error if params->GRAYMAX is large enough that N wraps to zero. This was noticed when investigating coverity warnings about params->GRAYMAX being tainted.
--- a/jbig2_halftone.c
+++ b/jbig2_halftone.c
@@ -50,6 +50,12 @@
uint32_t i;
int j;
+ if (N == 0) {+ /* We've wrapped. */
+ jbig2_error(ctx, JBIG2_SEVERITY_WARNING, -1, "params->GRAYMAX out of range");
+ return NULL;
+ }
+
/* allocate a new struct */
new = jbig2_new(ctx, Jbig2PatternDict, 1);
if (new != NULL) {