plug-ins: Fix ZDI-CAN-27684
Prevent overflow attack by checking if
output >= max, not just output > max.
(cherry picked from commit 5f4329d324)
parent
7422e66a50
commit
f520f4c268
1 changed files with 2 additions and 2 deletions
|
|
@ -323,7 +323,7 @@ icns_decompress (guchar *dest,
|
|||
|
||||
for (run -= 125; run > 0; run--)
|
||||
{
|
||||
if (out > max)
|
||||
if (out >= max)
|
||||
{
|
||||
g_message ("Corrupt icon? compressed run overflows output size.");
|
||||
return FALSE;
|
||||
|
|
@ -341,7 +341,7 @@ icns_decompress (guchar *dest,
|
|||
g_message ("Corrupt icon: uncompressed run overflows input size.");
|
||||
return FALSE;
|
||||
}
|
||||
if (out > max)
|
||||
if (out >= max)
|
||||
{
|
||||
g_message ("Corrupt icon: uncompressed run overflows output size.");
|
||||
return FALSE;
|
||||
|
|
|
|||
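Review bot: The compressed-run loop in the first hunk bounds only the output side (`if (out >= max)`), while the uncompressed-run path in the second hunk also tests the input size ("uncompressed run overflows input size") before the same output check. The reads that supply `run` and, presumably, the value being repeated sit outside the visible lines, so it cannot be confirmed here that they are checked against the input length. If they are not, a truncated resource could still be read past its end, and the compressed path should get an input-size guard of the same shape as the uncompressed one. Both corrected tests would also benefit from a one-line comment recording why equality must be rejected, e.g. `/* out == max is already one past the end of the output */`. icns_decompress begins and ends outside both hunks.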