2 files changed, 6 insertions, 2 deletions

diff --git a/core/fxcodec/jbig2/JBig2_Context.cpp b/core/fxcodec/jbig2/JBig2_Context.cpp
index 53e6b7a84a..6985c0e927 100644
--- a/core/fxcodec/jbig2/JBig2_Context.cpp
+++ b/core/fxcodec/jbig2/JBig2_Context.cpp
@@ -101,7 +101,10 @@ int32_t CJBig2_Context::decode_SquentialOrgnazation(
     }
     if (m_pSegment->m_dwData_length != 0xffffffff) {
       m_dwOffset += m_pSegment->m_dwData_length;
-      m_pStream->setOffset(m_dwOffset);
+      if (!m_dwOffset.IsValid())
+        return JBIG2_ERROR_FATAL;
+
+      m_pStream->setOffset(m_dwOffset.ValueOrDie());
     } else {
       m_pStream->offset(4);
     }
diff --git a/core/fxcodec/jbig2/JBig2_Context.h b/core/fxcodec/jbig2/JBig2_Context.h
index 314db9083a..749ec901f4 100644
--- a/core/fxcodec/jbig2/JBig2_Context.h
+++ b/core/fxcodec/jbig2/JBig2_Context.h
@@ -16,6 +16,7 @@
 #include "core/fxcodec/fx_codec_def.h"
 #include "core/fxcodec/jbig2/JBig2_Page.h"
 #include "core/fxcodec/jbig2/JBig2_Segment.h"
+#include "core/fxcrt/fx_safe_types.h"
 
 class CJBig2_ArithDecoder;
 class CJBig2_GRDProc;
@@ -101,7 +102,7 @@ class CJBig2_Context {
   std::unique_ptr<CJBig2_ArithDecoder> m_pArithDecoder;
   std::unique_ptr<CJBig2_GRDProc> m_pGRD;
   std::unique_ptr<CJBig2_Segment> m_pSegment;
-  uint32_t m_dwOffset;
+  FX_SAFE_UINT32 m_dwOffset;
   JBig2RegionInfo m_ri;
   std::list<CJBig2_CachePair>* const m_pSymbolDictCache;
   bool m_bIsGlobal;