ref: fc94c421719bad08c24f31dc92c82a7885a21ec9
parent: caeaa2c6ff5ec7b76e71960dd497ca4c82c136a5
author: Sebastian Rasmussen <sebras@gmail.com>
date: Wed Mar 11 20:26:59 EDT 2020
jbig2dec: Always use uint32_t when counting pages.
--- a/jbig2.c
+++ b/jbig2.c
@@ -154,7 +154,7 @@
return NULL;
}
{- int index;
+ uint32_t index;
for (index = 0; index < result->max_page_index; index++) {result->pages[index].state = JBIG2_PAGE_FREE;
@@ -412,7 +412,7 @@
jbig2_ctx_free(Jbig2Ctx *ctx)
{Jbig2Allocator *ca;
- int i;
+ uint32_t i;
if (ctx == NULL)
return NULL;
--- a/jbig2_page.c
+++ b/jbig2_page.c
@@ -72,7 +72,7 @@
/* find a free page */
{- int index, j;
+ size_t index, j;
index = ctx->current_page;
while (ctx->pages[index].state != JBIG2_PAGE_FREE) {@@ -79,6 +79,14 @@
index++;
if (index >= ctx->max_page_index) {/* grow the list */
+
+ if (ctx->max_page_index == SIZE_MAX) {+ return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "too many pages in jbig2 image");
+ }
+ else if (ctx->max_page_index > (SIZE_MAX >> 2)) {+ ctx->max_page_index = SIZE_MAX;
+ }
+
pages = jbig2_renew(ctx, ctx->pages, Jbig2Page, (ctx->max_page_index <<= 2));
if (pages == NULL) {return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "failed to reallocate pages");
--- a/jbig2_priv.h
+++ b/jbig2_priv.h
@@ -101,8 +101,8 @@
/* list of decoded pages, including the one in progress,
currently stored as a contiguous, 0-indexed array. */
- int current_page;
- int max_page_index;
+ uint32_t current_page;
+ uint32_t max_page_index;
Jbig2Page *pages;
};