From 0c60e3015477fd52e67adfa8e6a9e7be39eb40e5 Mon Sep 17 00:00:00 2001
From: Christophe Grenier
Date: Tue, 27 Aug 2019 07:55:08 +0200
Subject: [PATCH] PhotoRec: avoid a potential out-of-bound read in jpg_check_structure()
---
 src/file_jpg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/file_jpg.c b/src/file_jpg.c
index 8c8ae088..bf82acd5 100644
--- a/src/file_jpg.c
+++ b/src/file_jpg.c
@@ -1449,7 +1449,7 @@ static uint64_t jpg_check_structure(file_recovery_t *file_recovery, const unsign
 {
 unsigned int offset;
 file_recovery->offset_error=0;
- for(offset=file_recovery->blocksize; offset < nbytes && file_recovery->offset_error==0; offset+=file_recovery->blocksize)
+ for(offset=file_recovery->blocksize; offset + 30 < nbytes && file_recovery->offset_error==0; offset+=file_recovery->blocksize)
 {
 if(buffer[offset]==0xff && buffer[offset+1]==0xd8 && buffer[offset+2]==0xff &&
 ((buffer[offset+3]==0xe1 && memcmp(&buffer[offset+6], "http://ns.adobe.com/xap/", 24)!=0)
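Review bot: The new bound `offset + 30 < nbytes` in the `for` condition uses an unexplained constant; from the visible lines it matches the furthest read, `memcmp(&buffer[offset+6], "http://ns.adobe.com/xap/", 24)`, which touches `buffer[offset+29]`. The `if` condition continues past the end of this hunk, so it is worth confirming that no later alternative reads beyond `offset+29`, because the guard covers only that far. I would document the bound above the loop, for example `/* 30 = 6-byte offset to the XMP namespace + 24-byte namespace string compared below */`, so it gets updated if another signature comparison is added. Since `buffer` presumably holds data carved from the media being recovered, this bound is what stops a truncated or crafted block from driving reads past `nbytes`.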