Bug 969226 - Check if there is enough data to read u32 to avoid buffer overflow. r=bgirard, a=abillings
authorJeff Muizelaar <jmuizelaar@mozilla.com>
Fri, 11 Apr 2014 10:24:23 -0400
changeset 192793 f6879fbf3c944a02e1c13554f768bd32ba43a5dc
parent 192792 e1a71019512d5f818f34f2e83c47346d0eb0d3c0
child 192794 c50f6cbac4a283b96bdcd15e218ef442d8f0a09c
push id474
push userasasaki@mozilla.com
push dateMon, 02 Jun 2014 21:01:02 +0000
treeherdermozilla-release@967f4cf1b31c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbgirard, abillings
bugs969226
milestone30.0a2
Bug 969226 - Check if there is enough data to read u32 to avoid buffer overflow. r=bgirard, a=abillings
gfx/qcms/iccread.c
--- a/gfx/qcms/iccread.c
+++ b/gfx/qcms/iccread.c
@@ -1015,16 +1015,19 @@ qcms_profile* qcms_profile_from_memory(c
 	struct mem_source *src = &source;
 	struct tag_index index;
 	qcms_profile *profile;
 
 	source.buf = mem;
 	source.size = size;
 	source.valid = true;
 
+	if (size < 4)
+		return INVALID_PROFILE;
+
 	length = read_u32(src, 0);
 	if (length <= size) {
 		// shrink the area that we can read if appropriate
 		source.size = length;
 	} else {
 		return INVALID_PROFILE;
 	}