From 11366353e1e88805f25053825cfd99be035cd245 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20B=C3=BCnzli?=
Date: Sat, 10 May 2014 12:10:00 +0200
Subject: better buffer underflow protection for ba15a8cd3238a3a3c098ad8b7d96cb0e405fc26f
---
 source/fitz/image.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'source/fitz/image.c')
diff --git a/source/fitz/image.c b/source/fitz/image.c
index bfafdcd4..1e6a1183 100644
--- a/source/fitz/image.c
+++ b/source/fitz/image.c
@@ -281,9 +281,10 @@ fz_image_get_pixmap(fz_context *ctx, fz_image *image, int w, int h)
 case FZ_IMAGE_JPEG:
 /* Scan JPEG stream and patch missing height values in header */
 {
- unsigned char *d = image->buffer->buffer->data;
- unsigned char *e = d + image->buffer->buffer->len;
- for (d += 2; d + 9 < e && d[0] == 0xFF; d += (d[2] << 8 | d[3]) + 2)
+ unsigned char *s = image->buffer->buffer->data;
+ unsigned char *e = s + image->buffer->buffer->len;
+ unsigned char *d;
+ for (d = s + 2; s < d && d < e - 9 && d[0] == 0xFF; d += (d[2] << 8 | d[3]) + 2)
 {
 if (d[1] < 0xC0 || (0xC3 < d[1] && d[1] < 0xC9) || 0xCB < d[1])
 continue;
-- cgit v1.2.3
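Review bot: The new loop condition `s < d && d < e - 9` still depends on pointers that have already left the buffer: `e - 9` lies before `s` when the JPEG data is shorter than 9 bytes, and the step `d += (d[2] << 8 | d[3]) + 2` can carry `d` well past `e` before either test runs. Both are undefined in C, and because `d` only ever receives positive increments a compiler may treat `s < d` as always true and drop it, so the wrap-around guard might not survive optimisation. Comparing the remaining length avoids forming those pointers: use `e - d > 9` in place of `s < d && d < e - 9`, and clamp the step to `e - d` so a file-supplied segment length can at most move `d` to `e`. The initial `s + 2` has the same problem if the buffer can hold fewer than 2 bytes, which is not visible here; the loop body also continues past the end of the hunk.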