ref: 57347c19187052242c1a8981e26ed6d046ed52d9
parent: f783078899f926f9431f1bf9e605cfe2395c462f
author: Janne Grunau <[email protected]>
date: Sat Oct 6 17:40:31 EDT 2018
decode_b: make sure seg_id is valid

Fixes heap overflow with david-fuzzing-data:artifacts/crash-5c3b00780bb24ac2e123c3f172b1e4829bc98aa5.
--- a/src/decode.c
+++ b/src/decode.c
@@ -773,6 +773,7 @@
b->seg_id = neg_deinterleave(diff, pred_seg_id,
last_active_seg_id + 1);
if (b->seg_id > last_active_seg_id) b->seg_id = 0; // error?
+ if (b->seg_id >= NUM_SEGMENTS) b->seg_id = 0; // error?
}
if (DEBUG_BLOCK_INFO)
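Review bot: The added `b->seg_id >= NUM_SEGMENTS` clamp can only fire when the preceding `b->seg_id > last_active_seg_id` test lets an out-of-range value through, which means last_active_seg_id itself can lie outside 0..NUM_SEGMENTS-1 in the type used for that comparison; the same holds for the second hunk. That bound is better enforced once, where last_active_seg_id is set (not visible here), with this line kept as defence in depth. The `// error?` comment should be replaced by one that states the decision, e.g. `// corrupt stream: seg_id must stay below NUM_SEGMENTS, fall back to segment 0`, or the block should report a decode error if decode_b has a way to do so. decode_b's body starts and ends outside the hunk.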
@@ -821,6 +822,7 @@
last_active_seg_id + 1);
if (b->seg_id > last_active_seg_id) b->seg_id = 0; // error?
}
+ if (b->seg_id >= NUM_SEGMENTS) b->seg_id = 0; // error?
}
if (DEBUG_BLOCK_INFO)
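Review bot: The added check here sits after the inner closing brace, while in the first hunk the identical line is placed before it, so the two sites guard different sets of assignments to b->seg_id. As far as the visible braces show, this placement also covers values assigned on other branches of the enclosing block, which the first site would leave unchecked. Using the same placement at both sites, preferably this one, would make the guard uniform. The indentation is lost on this page and the enclosing block starts outside the hunk, so the nesting should be confirmed against the file.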