ref: d02b3649334e59e862b37c70d7d0fa9e086a524c
parent: 54d7ae33e6dfd2218c89809786a7b66898c2280a
author: Robin Watts <[email protected]>
date: Fri May 24 13:40:42 EDT 2013
Fix MuPDF fuzzing SEGV Move the indexing of an array AFTER the check for whether the index is suitable.
--- a/jbig2_text.c
+++ b/jbig2_text.c
@@ -154,13 +154,13 @@
range = 1;
} else {
if (code == 32) {
- len = symcodelengths[index-1].PREFLEN;
if (index < 1) {
jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
"error decoding symbol id table: run length with no antecedent!");
code = -1;
- goto cleanup1;
+ goto cleanup1;
}
+ len = symcodelengths[index-1].PREFLEN;
} else {
len = 0; /* code == 33 or 34 */
}