You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
32 lines
1.1 KiB
32 lines
1.1 KiB
From 606a22e77e7f081781e99e44644cd0119f559e03 Mon Sep 17 00:00:00 2001 |
|
From: Ken Sharp <ken.sharp@artifex.com> |
|
Date: Wed, 14 Nov 2018 09:27:00 +0000 |
|
Subject: [PATCH] Bug #700168 - add a type check |
|
|
|
Bug #700168 "Type confusion in JBIG2Decode" |
|
|
|
The code was assuming that .jbig2globalctx was a structure allocated |
|
by the graphics library, without checking. |
|
|
|
Add a check to see that it is a structure and that its the correct |
|
type of structure. |
|
--- |
|
psi/zfjbig2.c | 2 ++ |
|
1 file changed, 2 insertions(+) |
|
|
|
diff --git a/psi/zfjbig2.c b/psi/zfjbig2.c |
|
index a3d13a2..07b470f 100644 |
|
--- a/psi/zfjbig2.c |
|
+++ b/psi/zfjbig2.c |
|
@@ -72,6 +72,8 @@ z_jbig2decode(i_ctx_t * i_ctx_p) |
|
if (r_has_type(op, t_dictionary)) { |
|
check_dict_read(*op); |
|
if ( dict_find_string(op, ".jbig2globalctx", &sop) > 0) { |
|
+ if (!r_is_struct(sop) || !r_has_stype(sop, imemory, st_jbig2_global_data_t)) |
|
+ return_error(gs_error_typecheck); |
|
gref = r_ptr(sop, s_jbig2_global_data_t); |
|
s_jbig2decode_set_global_data((stream_state*)&state, gref); |
|
} |
|
-- |
|
2.17.2 |
|
|
|
|