authorChristophe Grenier <grenier@cgsecurity.org>2019-08-27 07:55:08 +0200
committerChristophe Grenier <grenier@cgsecurity.org>2019-08-27 07:55:08 +0200
commit0c60e3015477fd52e67adfa8e6a9e7be39eb40e5 (patch)
tree7d5a35b2a0e150db9d5ee4080d9e9279ca0ee26a
parent37dd4a85471074cedd3b8dd95663a0f07c48edf8 (diff)
PhotoRec: avoid a potential out-of-bound read in jpg_check_structure()
-rw-r--r--src/file_jpg.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/file_jpg.c b/src/file_jpg.c
index 8c8ae08..bf82acd 100644
--- a/src/file_jpg.c
+++ b/src/file_jpg.c
@@ -1449,7 +1449,7 @@ static uint64_t jpg_check_structure(file_recovery_t *file_recovery, const unsign
{
unsigned int offset;
file_recovery->offset_error=0;
- for(offset=file_recovery->blocksize; offset < nbytes && file_recovery->offset_error==0; offset+=file_recovery->blocksize)
+ for(offset=file_recovery->blocksize; offset + 30 < nbytes && file_recovery->offset_error==0; offset+=file_recovery->blocksize)
{
if(buffer[offset]==0xff && buffer[offset+1]==0xd8 && buffer[offset+2]==0xff &&
((buffer[offset+3]==0xe1 && memcmp(&buffer[offset+6], "http://ns.adobe.com/xap/", 24)!=0)
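Review bot: The new loop bound `offset + 30 < nbytes` uses a bare 30 whose origin is only implied by the `memcmp(&buffer[offset+6], "http://ns.adobe.com/xap/", 24)` two lines below it (6 + 24, so the last byte read is `buffer[offset+29]`). A comment on the `for` line such as `/* 30 = offset 6 + 24 bytes compared by the memcmp below */`, or a named constant, would keep the guard and the read in step if the comparison ever changes. The `if` condition and the rest of jpg_check_structure() continue past the end of this hunk, so it is worth confirming that no later clause indexes beyond `offset+29`, because the guard would have to grow with it. Writing the check as an addition rather than `offset < nbytes - 30` looks deliberate and should stay, since (assuming `nbytes` is unsigned, which the truncated signature does not show) the subtraction form would wrap for buffers shorter than 30 bytes.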