commit 5977bbe71d2afc1b836080515fb9503db4a14bfa Author: Jeff Muizelaar jmuizelaar@mozilla.com Date: Fri Apr 11 10:25:01 2014 -0400

Bug 969226 - Check if there is enough data to read u32 to avoid buffer overflow. r=bgirard, a=abillings --- gfx/qcms/iccread.c | 3 +++ 1 file changed, 3 insertions(+)

diff --git a/gfx/qcms/iccread.c b/gfx/qcms/iccread.c index 5c72cf3..63bd090 100644 --- a/gfx/qcms/iccread.c +++ b/gfx/qcms/iccread.c @@ -1007,6 +1007,9 @@ qcms_profile* qcms_profile_from_memory(const void *mem, size_t size) source.size = size; source.valid = true;

+ if (size < 4) + return INVALID_PROFILE; + length = read_u32(src, 0); if (length <= size) { // shrink the area that we can read if appropriate