Reject JBig2 Huffman table with too large shift value

core/fxcodec/jbig2/JBig2_HuffmanTable.cpp

Index: core/fxcodec/jbig2/JBig2_HuffmanTable.cpp
diff --git a/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp b/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp
index 3b34018c2d4c111fcf0ab4d7306f51bda38383b3..26f0e52310d554e754f6e964955e2a93597c33d3 100644
--- a/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp
+++ b/core/fxcodec/jbig2/JBig2_HuffmanTable.cpp
@@ -64,7 +64,8 @@ bool CJBig2_HuffmanTable::ParseFromCodedBuffer(CJBig2_BitStream* pStream) {
   int cur_low = low;
   do {
     if ((pStream->readNBits(HTPS, &PREFLEN[NTEMP]) == -1) ||
-        (pStream->readNBits(HTRS, &RANGELEN[NTEMP]) == -1)) {
+        (pStream->readNBits(HTRS, &RANGELEN[NTEMP]) == -1) ||
+        (static_cast<size_t>(RANGELEN[NTEMP]) >= 8 * sizeof(cur_low))) {
       return false;
     }
     RANGELOW[NTEMP] = cur_low;