decode: protect from invalid ACDS.num_segidx

Fixes fuzzing GH #259 by @seviezhou
LibreDWG · Aug 2, 2020 · a3679b4 · a3679b4
1 parent dac8fcc
commit a3679b4
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/acds.spec b/src/acds.spec
@@ -44,6 +44,11 @@
   FIELD_RL (file_size, 0);
 #ifdef IS_DECODER
   dat->byte = _obj->segidx_offset;
+  if (_obj->num_segidx * sizeof (Dwg_AcDs_Segment) > (dat->size - dat->byte))
+    {
+      LOG_ERROR ("Invalid num_segidx");
+      return DWG_ERR_VALUEOUTOFBOUNDS;
+    }
   _obj->segments = calloc (_obj->num_segidx, sizeof (Dwg_AcDs_Segment));
 #endif
 #ifndef IS_JSON