Merge "Properly check the data size against the end of the RIFF chunk" into main

This commit is contained in:
Vincent Rabaud 2024-12-10 08:10:16 +00:00 committed by Gerrit Code Review
commit 1b4c967fbb

View File

@ -223,6 +223,8 @@ WebPMux* WebPMuxCreateInternal(const WebPData* bitstream, int copy_data,
// Note this padding is historical and differs from demux.c which does not
// pad the file size.
riff_size = SizeWithPadding(riff_size);
// Make sure the whole RIFF header is available.
if (riff_size < RIFF_HEADER_SIZE) goto Err;
if (riff_size > size) goto Err;
// There's no point in reading past the end of the RIFF chunk. Note riff_size
// includes CHUNK_HEADER_SIZE after SizeWithPadding().