mirrors/JetBrainsRuntime
1
0
Fork 0
mirror of https://github.com/JetBrains/JetBrainsRuntime.git synced 2025-12-06 09:29:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

8318951: Additional negative value check in JPEG decoding

Browse Source 
Backport-of: 75ce02fe74
This commit is contained in:
Jayathirth D V
2023-11-09 04:41:59 +00:00
committed by Vitaly Provodin
parent 4161de1dbc
commit ab4df04dfb
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/java.desktop/share/native/libjavajpeg/imageioJPEG.c
View File

@@ -1132,6 +1132,10 @@ imageio_skip_input_data(j_decompress_ptr cinfo, long num_bytes)
return;
}
num_bytes += sb->remaining_skip;
// Check for overflow if remaining_skip value is too large
if (num_bytes < 0) {
return;
}
sb->remaining_skip = 0;
/* First the easy case where we are skipping <= the current contents. */

4
src/java.desktop/share/native/libjavajpeg/jpegdecoder.c
View File

@@ -406,6 +406,10 @@ sun_jpeg_skip_input_data(j_decompress_ptr cinfo, long num_bytes)
return;
}
num_bytes += src->remaining_skip;
// Check for overflow if remaining_skip value is too large
if (num_bytes < 0) {
return;
}
src->remaining_skip = 0;
ret = (int)src->pub.bytes_in_buffer; /* this conversion is safe, because capacity of the buffer is limited by jnit */
if (ret >= num_bytes) {