From 5fcc02f75eba315bfba49b1b75ed5151f640676a Mon Sep 17 00:00:00 2001
From: bae <unknown>
Date: Thu, 10 Sep 2009 12:26:34 +0400
Subject: [PATCH] 6874643: ImageI/O JPEG is vulnerable to Heap Overflow
 Reviewed-by: prr, hawtin

---
 src/share/native/sun/awt/image/jpeg/imageioJPEG.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/share/native/sun/awt/image/jpeg/imageioJPEG.c b/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
index 7d39c61e0..448232143 100644
--- a/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
+++ b/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
@@ -1833,6 +1833,13 @@ Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_readImage
         return JNI_FALSE;
     }
 
+    if (stepX > cinfo->image_width) {
+        stepX = cinfo->image_width;
+    }
+    if (stepY > cinfo->image_height) {
+        stepY = cinfo->image_height;
+    }
+
     /*
      * First get the source bands array and copy it to our local array
      * so we don't have to worry about pinning and unpinning it again.
-- 
GitLab