shithub: jbig2

Download patch

ref: ce3e3aa738f1f5102fea63dfb9de15fea555c559
parent: 5991310f87724aaa1d47850baf75c2512c269cef
author: Robin Watts <[email protected]>
date: Wed Jan 29 07:40:14 EST 2020

jbig2dec: Fix OSS-Fuzz issue 20358

Avoid a signed/unsigned comparison which was implicitly casting
gmax=-1 to unsigned, and hence making right larger than it should
have been.

Apply similar fixes to equivalent places in the code.

--- a/jbig2_generic.c
+++ b/jbig2_generic.c
@@ -922,9 +922,9 @@
         gmin = params->gbat[6];
     if (gmax < params->gbat[6])
         gmax = params->gbat[6];
-    if (left < -gmin)
+    if ((int)left < -gmin)
         left = -gmin;
-    if (right < gmax)
+    if ((int)right < gmax)
         right = gmax;
     /* We need to guarantee 9 pixels in the right margin to be able
      * to use jbig2_image_get_pixels_fast. */
@@ -943,7 +943,7 @@
         gmin = params->gbat[5];
     if (params->gbat[7] < gmin)
         gmin = params->gbat[7];
-    if (top < -gmin)
+    if ((int)top < -gmin)
         top = -gmin;
     /* So 0 <= y < top needs bounds checking. */