plug-ins: Fix ZDI-CAN-27684

Prevent an overflow attack by checking whether
output >= max, not just output > max.

(cherry picked from commit 5f4329d324)
Alx Sa 2025-09-03 13:41:10 +00:00 committed by Jehan
parent 7422e66a50
commit f520f4c268


@ -323,7 +323,7 @@ icns_decompress (guchar *dest,
for (run -= 125; run > 0; run--)
{
if (out > max)
if (out >= max)
{
g_message ("Corrupt icon? compressed run overflows output size.");
return FALSE;
@ -341,7 +341,7 @@ icns_decompress (guchar *dest,
g_message ("Corrupt icon: uncompressed run overflows input size.");
return FALSE;
}
if (out > max)
if (out >= max)
{
g_message ("Corrupt icon: uncompressed run overflows output size.");
return FALSE;
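Review bot: The new `if (out >= max)` test in both hunks (the one at -323 and the one at -341) is only sufficient if `max` is the exclusive bound of `dest` (its byte count) and the loop body that follows the check advances `out` by exactly one byte per iteration; the body of each loop continues past the hunk, so this cannot be confirmed from the diff and is worth stating in a comment above the check, e.g. `/* max is the exclusive bound of dest: out == max would already be one past the end. */`. If a body writes more than one byte after a single check, the bound would need to be `out + n > max` instead. As a point of style, the two diagnostics differ only in punctuation ("Corrupt icon?" versus "Corrupt icon:"); making the first one `g_message ("Corrupt icon: compressed run overflows output size.");` keeps the messages consistent and easier to grep for in logs. A regression fixture that exercises the `out == max` boundary would pin the fix.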