fix read-overflow while parsing VP8X chunk

The available size was not checked before parsing the VP8X data

BUG=oss-fuzz:9100,oss-fuzz:9123

Change-Id: I0143cc4554883c1015e2f084a0e371229e04a8ca
Pascal Massimino 2018-07-01 20:01:12 -07:00 committed by James Zern
parent 29fb8562c6
commit 95fd650706


@ -264,6 +264,7 @@ WebPMux* WebPMuxCreateInternal(const WebPData* bitstream, int copy_data,
chunk_list = MuxGetChunkListFromId(mux, id); // List to add this chunk.
if (ChunkSetNth(&chunk, chunk_list, 0) != WEBP_MUX_OK) goto Err;
if (id == WEBP_CHUNK_VP8X) { // grab global specs
if (data_size < CHUNK_HEADER_SIZE + VP8X_CHUNK_SIZE) goto Err;
mux->canvas_width_ = GetLE24(data + 12) + 1;
mux->canvas_height_ = GetLE24(data + 15) + 1;
}
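Review bot: The new guard `data_size < CHUNK_HEADER_SIZE + VP8X_CHUNK_SIZE` and the two reads at `data + 12` and `data + 15` are tied together only by bare literals, so a reader has to work out by hand that the last byte touched is `data[17]` and that the bound covers it. I would write the offsets in terms of the header constant, e.g. `GetLE24(data + CHUNK_HEADER_SIZE + 4)` and `GetLE24(data + CHUNK_HEADER_SIZE + 7)`, or add a comment such as `// VP8X payload: width at +4, height at +7, 3 bytes each; needs the full VP8X_CHUNK_SIZE payload`. The guard is also only sound if `data_size` is bounded by the bytes really remaining at `data` rather than by the length the chunk declares; its assignment is outside this hunk, so please confirm that. The check runs after `ChunkSetNth` has already stored the chunk, so the `Err` path (not visible here) must release it. A small regression input with a truncated VP8X chunk would pin both oss-fuzz cases.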