shithub: jbig2


ref: d02b3649334e59e862b37c70d7d0fa9e086a524c
parent: 54d7ae33e6dfd2218c89809786a7b66898c2280a
author: Robin Watts <[email protected]>
date: Fri May 24 13:40:42 EDT 2013

Fix MuPDF fuzzing SEGV

Move the indexing of an array AFTER the check for whether the
index is suitable.

--- a/jbig2_text.c
+++ b/jbig2_text.c
@@ -154,13 +154,13 @@
 	    range = 1;
 	  } else {
 	    if (code == 32) {
-	      len = symcodelengths[index-1].PREFLEN;
 	      if (index < 1) {
 		jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number,
 	 	  "error decoding symbol id table: run length with no antecedent!");
 	        code = -1;
-            goto cleanup1;
+                goto cleanup1;
 	      }
+	      len = symcodelengths[index-1].PREFLEN;
 	    } else {
 	      len = 0; /* code == 33 or 34 */
 	    }