# HG changeset patch
# User Matti Hamalainen <ccr@tnsp.org>
# Date 1526272051 -10800
# Node ID 501e31f11c29638c5b121facb74df5793f2ef6da
# Parent  9bc23e64f5657158211f799fee6913a6c38c87e1
Fix RLE decoder bounds checks for compressed sequences.

diff -r 9bc23e64f565 -r 501e31f11c29 tools/lib64gfx.c
--- a/tools/lib64gfx.c	Mon May 14 06:44:28 2018 +0300
+++ b/tools/lib64gfx.c	Mon May 14 07:27:31 2018 +0300
@@ -313,7 +313,7 @@
                 // A simple marker byte RLE variant: [Marker] [count] [data]
                 if (data == cfg->rleMarker)
                 {
-                    if (srcEnd - src < 2)
+                    if (srcEnd - src + 1 < 2)
                     {
                         res = DMERR_INVALID_DATA;
                         goto err;
@@ -339,7 +339,7 @@
                 // and the lower bits contain the count: [Mask + count] [data]
                 if ((data & cfg->rleMask1) == cfg->rleMarker)
                 {
-                    if (srcEnd - src < 1)
+                    if (srcEnd - src + 1 < 1)
                     {
                         res = DMERR_INVALID_DATA;
                         goto err;