ref: dcf7801f015dbbb44c82b57167e57207765abff3
parent: fe55e5eb9f7aaf06296617d824245581e99f8fd8
author: Robin Watts <[email protected]>
date: Wed Dec 11 14:02:39 EST 2013
Bug 694124: Shailesh Mistry's patch for valgrind problems. Detect zero sized symbol dictionary and exit neatly. Avoids overreads.
--- a/jbig2_symbol_dict.c
+++ b/jbig2_symbol_dict.c
@@ -1049,9 +1049,19 @@
params.SDNUMNEWSYMS = jbig2_get_uint32(segment_data + offset + 4);
offset += 8;
- jbig2_error(ctx, JBIG2_SEVERITY_INFO, segment->number,
- "symbol dictionary, flags=%04x, %u exported syms, %u new syms",
- flags, params.SDNUMEXSYMS, params.SDNUMNEWSYMS);
+ if (params.SDNUMEXSYMS == 0 || params.SDNUMNEWSYMS == 0)
+ {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
+ "empty symbol dictionary, flags=%04x, %u exported syms, %u new syms",
+ flags, params.SDNUMEXSYMS, params.SDNUMNEWSYMS);
+ goto cleanup;
+ }
+ else
+ {
+ jbig2_error(ctx, JBIG2_SEVERITY_INFO, segment->number,
+ "symbol dictionary, flags=%04x, %u exported syms, %u new syms",
+ flags, params.SDNUMEXSYMS, params.SDNUMNEWSYMS);
+ }
/* 7.4.2.2 (2) */
{