Bug 969226 - Check if there is enough data to read u32 to avoid buffer overflow. r=bgirard
author Jeff Muizelaar <jmuizelaar@mozilla.com>
Wed, 09 Apr 2014 15:20:18 -0400
changeset 178000 7f295bcceea0d9b0af595e8159435062ab9733a9
parent 177999 351a8f7d3512a238ce9f619df836713c81f9c131
child 178001 8e20983ae82dc3267d7c7cb537f26e91945534f0
push id 26569
push user ryanvm@gmail.com
push date Fri, 11 Apr 2014 04:11:36 +0000
treeherder mozilla-central@783c5013dbec
reviewers bgirard
bugs 969226
milestone 31.0a1
gfx/qcms/iccread.c
--- a/gfx/qcms/iccread.c
+++ b/gfx/qcms/iccread.c
@@ -1015,16 +1015,19 @@ qcms_profile* qcms_profile_from_memory(c
 	struct mem_source *src = &source;
 	struct tag_index index;
 	qcms_profile *profile;
 
 	source.buf = mem;
 	source.size = size;
 	source.valid = true;
 
+	if (size < 4)
+		return INVALID_PROFILE;
+
 	length = read_u32(src, 0);
 	if (length <= size) {
 		// shrink the area that we can read if appropriate
 		source.size = length;
 	} else {
 		return INVALID_PROFILE;
 	}
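Review bot: The new `size < 4` guard ahead of `read_u32(src, 0)` bounds the caller-supplied size, but the `length` value read from the buffer still has no lower bound: `if (length <= size)` accepts a length of 0 to 3 and then sets `source.size = length`, so the readable area can shrink below the four bytes that were just required. Consider rejecting a too-small `length` at the same spot, for example `if (length < 4 || length > size) return INVALID_PROFILE;`, or add a comment stating that every later read is checked against `source.size`. The literal 4 would also be clearer tied to the width of the read, e.g. `sizeof(uint32_t)`, with a short comment that it covers the length field at offset 0.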