tif_ojpeg.c: avoid unsigned integer overflow. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16793
parent
9034afb440
commit
c22f319eb4
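--- a/tif_ojpeg.c
+++ b/tif_ojpeg.c
@@ -1317,7 +1317,9 @@ OJPEGReadHeaderInfoSec(TIFF* tif)
 }
 else
 {
-if ((sp->jpeg_interchange_format_length==0) || (sp->jpeg_interchange_format+sp->jpeg_interchange_format_length>sp->file_size))
+if ((sp->jpeg_interchange_format_length==0) ||
+(sp->jpeg_interchange_format > TIFF_UINT64_MAX - sp->jpeg_interchange_format_length) ||
+(sp->jpeg_interchange_format+sp->jpeg_interchange_format_length>sp->file_size))
 sp->jpeg_interchange_format_length=sp->file_size-sp->jpeg_interchange_format;
 }
 }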
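Review bot: The clamp `sp->jpeg_interchange_format_length=sp->file_size-sp->jpeg_interchange_format;` is only safe if `jpeg_interchange_format` is already known to be below `file_size`, because the new overflow guard sends very large offsets straight to that subtraction, which would otherwise wrap as well. The enclosing `else` suggests an earlier branch rejects that case, but it lies outside the hunk, so a comment such as `/* jpeg_interchange_format < file_size is guaranteed by the branch above */` would make the invariant explicit. If the invariant holds, the sum can be avoided entirely by testing `sp->jpeg_interchange_format_length > sp->file_size - sp->jpeg_interchange_format`, which needs no `TIFF_UINT64_MAX` guard and does not depend on the fields being exactly 64 bits wide. OJPEGReadHeaderInfoSec starts and ends outside the hunk.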