c/libjpeg-turbo
1
0
Fork 0
mirror of https://github.com/libjpeg-turbo/libjpeg-turbo synced 2025-03-28 21:13:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

JNI: Guard against int. overflow w/ ICC profiles

Browse Source
This commit is contained in:
DRC 2024-09-14 12:42:12 -04:00
parent 9b01f5a057
commit 6d02718d9a
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
java/turbojpeg-jni.c
View File

@ -675,6 +675,8 @@ JNIEXPORT jbyteArray JNICALL Java_org_libjpegturbo_turbojpeg_TJDecompressor_getI
if (tj3GetICCProfile(handle, &iccBuf, &iccSize) == -1)
THROW_TJ();
if (iccSize > (size_t)INT_MAX)
THROW_ARG("ICC profile is too large");
BAILIF0(icc = (*env)->NewByteArray(env, (jsize)iccSize));
BAILIF0NOEC(jICCBuf = (*env)->GetPrimitiveArrayCritical(env, icc, 0));
@ -696,6 +698,8 @@ JNIEXPORT jint JNICALL Java_org_libjpegturbo_turbojpeg_TJDecompressor_getICCSize
GET_HANDLE();
tj3GetICCProfile(handle, NULL, &iccSize);
if (iccSize > (size_t)INT_MAX)
THROW_ARG("ICC profile is too large");
bailout:
return (jint)iccSize;