summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorChristophe Grenier <grenier@cgsecurity.org>2014-03-16 19:24:14 +0100
committerChristophe Grenier <grenier@cgsecurity.org>2014-03-16 19:24:14 +0100
commit96ed01817665331ac4088194f8fd56c2ed3dabad (patch)
treecf35ede6cbc5d4a4f326cac4c58c9cb459bc8e24 /src
parent1500416a584393e5dbb42bc53cab3dc0513bc1ec (diff)
src/file_jpg.c: fix potential out of bound read access
Diffstat (limited to 'src')
-rw-r--r--src/file_jpg.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/file_jpg.c b/src/file_jpg.c
index 3e7eee3..2415a59 100644
--- a/src/file_jpg.c
+++ b/src/file_jpg.c
@@ -1203,7 +1203,8 @@ static void jpg_check_picture(file_recovery_t *file_recovery)
src->file_size_max=file_recovery->file_size;
}
/* Image is very big, skip some tests */
- if(jpeg_session.output_height * jpeg_session.row_stride > 500 * 1024 * 1024)
+ if((uint64_t)jpeg_session.output_height * jpeg_session.row_stride > 500 * 1024 * 1024 ||
+ jpeg_session.output_height<9)
jpeg_session.flags=0;
/* 0x100/2=0x80, medium value */
if(jpeg_session.flags==0)