ref: ce3e3aa738f1f5102fea63dfb9de15fea555c559
parent: 5991310f87724aaa1d47850baf75c2512c269cef
author: Robin Watts <[email protected]>
date: Wed Jan 29 07:40:14 EST 2020
jbig2dec: Fix OSS-Fuzz issue 20358

Avoid a signed/unsigned comparison that implicitly converted gmax=-1 to unsigned, and hence made right larger than it should have been. Apply similar fixes to equivalent places in the code.
--- a/jbig2_generic.c
+++ b/jbig2_generic.c
@@ -922,9 +922,9 @@
gmin = params->gbat[6];
if (gmax < params->gbat[6])
gmax = params->gbat[6];
- if (left < -gmin)
+ if ((int)left < -gmin)
left = -gmin;
- if (right < gmax)
+ if ((int)right < gmax)
right = gmax;
/* We need to guarantee 9 pixels in the right margin to be able
* to use jbig2_image_get_pixels_fast. */
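Review bot: The `(int)` casts on `left` and `right` are only correct while those unsigned values fit in an `int`, and nothing in the hunk states or enforces that. The surrounding comments suggest these margins decide where bounds checking is applied, so I would make the sign handling explicit instead, e.g. `if (gmin < 0 && left < (uint32_t)-gmin)` and `if (gmax > 0 && right < (uint32_t)gmax)`. The declarations sit outside the hunk, so the unsigned type is inferred from the commit message and should be confirmed before picking the cast. The same point applies to `(int)top < -gmin` in the next hunk. If the casts stay, a comment such as `/* gmin/gmax are signed and may be negative; compare as signed */` above the first test would stop a later cleanup from removing them.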
@@ -943,7 +943,7 @@
gmin = params->gbat[5];
if (params->gbat[7] < gmin)
gmin = params->gbat[7];
- if (top < -gmin)
+ if ((int)top < -gmin)
top = -gmin;
/* So 0 <= y < top needs bounds checking. */