Bug 969226 - Check if there is enough data to read u32 to avoid buffer overflow. r=bgirard, a=abillings
authorJeff Muizelaar <jmuizelaar@mozilla.com>
Fri, 11 Apr 2014 10:24:42 -0400
changeset 183741 05c933823ad8fed6c3c6dde3ff8a6dea026cc008
parent 183740 d20804c31f61e4e50630ae97d68b6158e728b5b9
child 183742 1be8ef9bf661db27b69e68ccbd9a66934c65c1d0
push id3466
push userryanvm@gmail.com
push dateMon, 14 Apr 2014 14:00:12 +0000
treeherdermozilla-beta@1be8ef9bf661 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbgirard, abillings
bugs969226
milestone29.0
Bug 969226 - Check if there is enough data to read u32 to avoid buffer overflow. r=bgirard, a=abillings
gfx/qcms/iccread.c
--- a/gfx/qcms/iccread.c
+++ b/gfx/qcms/iccread.c
@@ -1015,16 +1015,19 @@ qcms_profile* qcms_profile_from_memory(c
 	struct mem_source *src = &source;
 	struct tag_index index;
 	qcms_profile *profile;
 
 	source.buf = mem;
 	source.size = size;
 	source.valid = true;
 
+	if (size < 4)
+		return INVALID_PROFILE;
+
 	length = read_u32(src, 0);
 	if (length <= size) {
 		// shrink the area that we can read if appropriate
 		source.size = length;
 	} else {
 		return INVALID_PROFILE;
 	}