Commit 3050b4e1 authored by Frediano Ziglio's avatar Frediano Ziglio

lz: Avoid buffer reading overflow checking for image type

The type of the image is just copied from network without
any check and later used for array indexing.
Signed-off-by: Frediano Ziglio's avatarFrediano Ziglio <fziglio@redhat.com>
Acked-by: Uri Lublin's avatarUri Lublin <uril@redhat.com>
parent 16aa8c98
......@@ -593,6 +593,9 @@ void lz_decode_begin(LzContext *lz, uint8_t *io_ptr, unsigned int num_io_bytes,
}
encoder->type = (LzImageType)decode_32(encoder);
if (encoder->type <= LZ_IMAGE_TYPE_INVALID || encoder->type > LZ_IMAGE_TYPE_A8) {
encoder->usr->error(encoder->usr, "invalid lz type %d\n", encoder->type);
}
encoder->width = decode_32(encoder);
encoder->height = decode_32(encoder);
encoder->stride = decode_32(encoder);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment