From 592a76c1c096dad29322688b5da8763a680b96d8 Mon Sep 17 00:00:00 2001
From: Sven Steudte
Date: Mon, 20 Sep 2021 19:13:11 +0200
Subject: [PATCH] Added exception for corrupt marker data
---
 ssdv.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/ssdv.c b/ssdv.c
index c05b4ec..c6f8b84 100644
--- a/ssdv.c
+++ b/ssdv.c
@@ -721,7 +721,7 @@ static char ssdv_have_marker(ssdv_t *s)
 static char ssdv_have_marker_data(ssdv_t *s)
 {
 uint8_t *d = s->marker_data;
- size_t l = s->marker_len;
+ ssize_t l = s->marker_len;
 int i;
 switch(s->marker)
@@ -879,6 +879,11 @@ static char ssdv_have_marker_data(ssdv_t *s)
 j += d[i];
 l -= j;
+ if (l < 0)
+ {
+ fprintf(stderr, "The image has an invalid marker length\n");
+ return(SSDV_ERROR);
+ }
 d += j;
 }
 break;
@@ -895,6 +900,11 @@ static char ssdv_have_marker_data(ssdv_t *s)
 /* Skip to the next one, if present */
 l -= 65;
+ if (l < 0)
+ {
+ fprintf(stderr, "The image has an invalid marker length\n");
+ return(SSDV_ERROR);
+ }
 d += 65;
 }
 break;
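Review bot: `ssize_t l = s->marker_len;` in the first hunk relies on a POSIX type (declared via `<sys/types.h>`) rather than ISO C, and the file's includes are not visible here, so this may not build on non-POSIX toolchains. Making `l` signed also alters any later comparison of `l` with unsigned operands in ssdv_have_marker_data, whose body continues outside the hunk. Consider keeping `size_t l` and rejecting the segment before subtracting in the two later hunks, e.g. `if ((size_t) j > l) return(SSDV_ERROR);`. If the signed type stays, a comment such as `/* signed so an over-long table length shows up as l < 0 */` would record why.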
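Review bot: The `l < 0` check added after `l -= j` in the second hunk fires only once `j` has been summed from `d[i]`, so the length bytes of a truncated table have already been read when the error is reported. The loop header and any bound on `l` before those reads are outside the hunk, so confirm the remaining length is verified before `d[i]` is touched. The third hunk has the same shape at `l -= 65`, where a guard such as `if (l < 65) return(SSDV_ERROR);` ahead of the code that consumes the 65-byte entry would stop the parse before any over-read. The identical five-line error block appears in both hunks and could be folded into one small static helper.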