Mercurial > hg > dmlib
diff tools/lib64gfx.c @ 1597:501e31f11c29
Fix RLE decoder bounds checks for compressed sequences.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 14 May 2018 07:27:31 +0300 |
parents | 3cc7b2aadda3 |
children | e28e67358ff6 |
line wrap: on
line diff
--- a/tools/lib64gfx.c Mon May 14 06:44:28 2018 +0300 +++ b/tools/lib64gfx.c Mon May 14 07:27:31 2018 +0300 @@ -313,7 +313,7 @@ // A simple marker byte RLE variant: [Marker] [count] [data] if (data == cfg->rleMarker) { - if (srcEnd - src < 2) + if (srcEnd - src + 1 < 2) { res = DMERR_INVALID_DATA; goto err; @@ -339,7 +339,7 @@ // and the lower bits contain the count: [Mask + count] [data] if ((data & cfg->rleMask1) == cfg->rleMarker) { - if (srcEnd - src < 1) + if (srcEnd - src + 1 < 1) { res = DMERR_INVALID_DATA; goto err;