ref: f6d326878893dc92b45cbd18e25ab4d2b3a8db73
parent: 346a90f18c4592dc6cbcf53f007105a4273505eb
author: Sebastian Rasmussen <[email protected]>
date: Sun Sep 15 14:12:31 EDT 2019
jbig2dec: Add overflow detection for IAID context size.
--- a/jbig2_arith_iaid.c
+++ b/jbig2_arith_iaid.c
@@ -44,9 +44,18 @@
Jbig2ArithIaidCtx *
jbig2_arith_iaid_ctx_new(Jbig2Ctx *ctx, int SBSYMCODELEN)
{
- Jbig2ArithIaidCtx *result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
- int ctx_size = 1 << SBSYMCODELEN;
+ Jbig2ArithIaidCtx *result;
+ size_t ctx_size;
+ if (sizeof(ctx_size) * 8 <= SBSYMCODELEN)
+ {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "requested IAID arithmetic coding state size too large");
+ return NULL;
+ }
+
+ ctx_size = 1 << SBSYMCODELEN;
+
+ result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
if (result == NULL) {
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "failed to allocate IAID arithmetic coding state");
return NULL;
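Review bot: The shift in `ctx_size = 1 << SBSYMCODELEN;` is still evaluated in `int`, because the literal `1` is an `int`, while the new guard compares against the bit width of `size_t`. Where `size_t` is 64 bits and `int` is 32, values of SBSYMCODELEN from 31 to 63 pass the guard and then hit an undefined shift, so the overflow the commit is meant to detect is only partly covered. Make the shift match the check with `ctx_size = (size_t) 1 << SBSYMCODELEN;`. The body of jbig2_arith_iaid_ctx_new continues past the hunk, so the allocation sized from `ctx_size` is not visible here. If SBSYMCODELEN is derived from the decoded stream (presumably it is), a tighter upper bound than the type width would also keep a hostile file from requesting an enormous context array.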