image/jpeg: reject bad Tq values in SOF data.

Fixes #10154 Change-Id: Ibb8ea9bcf512e7639c57a6f17afbe4495fa329cd Reviewed-on: https://go-review.googlesource.com/7494 Reviewed-by: Minux Ma <minux@golang.org>
author: Nigel Tao <nigeltao@golang.org> 2015-03-13 14:38:25 +1100
committer: Nigel Tao <nigeltao@golang.org> 2015-03-13 05:22:55 +0000
commit: 3eb84c8908dbe585ef156c8a3bad83ca7f4da288 (patch)
tree: 53c913a2c011d12368cf71266adfeb9fd1314c15 /src/image
parent: f076ad893b70048cb4955bf04dbbec0adeb27dd7 (diff)
download: go-3eb84c8908dbe585ef156c8a3bad83ca7f4da288.tar.xz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/image/jpeg/reader.go b/src/image/jpeg/reader.go
index 12b20a6922..5c5465283a 100644
--- a/src/image/jpeg/reader.go
+++ b/src/image/jpeg/reader.go
@@ -331,6 +331,10 @@ func (d *decoder) processSOF(n int) error {
 		}
 
 		d.comp[i].tq = d.tmp[8+3*i]
+		if d.comp[i].tq > maxTq {
+			return FormatError("bad Tq value")
+		}
+
 		hv := d.tmp[7+3*i]
 		h, v := int(hv>>4), int(hv&0x0f)
 		if h < 1 || 4 < h || v < 1 || 4 < v {
author	Nigel Tao <nigeltao@golang.org>	2015-03-13 14:38:25 +1100
committer	Nigel Tao <nigeltao@golang.org>	2015-03-13 05:22:55 +0000
commit	3eb84c8908dbe585ef156c8a3bad83ca7f4da288 (patch)
tree	53c913a2c011d12368cf71266adfeb9fd1314c15 /src/image
parent	f076ad893b70048cb4955bf04dbbec0adeb27dd7 (diff)
download	go-3eb84c8908dbe585ef156c8a3bad83ca7f4da288.tar.xz