dany/libwebp
1
0
Fork 0
mirror of https://github.com/webmproject/libwebp.git synced 2025-01-27 15:12:54 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

WebPAnimDecoderNewInternal: validate bitstream before alloc

Browse Source 
this avoids large allocations with corrupt files due to the canvas size

BUG=oss-fuzz:28658

Change-Id: Idd1957e5447a2dadaef1fadaf68820fcb29f045a
This commit is contained in:
James Zern 2020-12-18 11:31:44 -08:00
parent 47f64f6edd
commit 9c367bc602
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/demux/anim_decode.c
View File

@ -87,11 +87,19 @@ WebPAnimDecoder* WebPAnimDecoderNewInternal(
int abi_version) { int abi_version) {
WebPAnimDecoderOptions options; WebPAnimDecoderOptions options;
WebPAnimDecoder* dec = NULL; WebPAnimDecoder* dec = NULL;
WebPBitstreamFeatures features;
if (webp_data == NULL || if (webp_data == NULL ||
WEBP_ABI_IS_INCOMPATIBLE(abi_version, WEBP_DEMUX_ABI_VERSION)) { WEBP_ABI_IS_INCOMPATIBLE(abi_version, WEBP_DEMUX_ABI_VERSION)) {
return NULL; return NULL;
} }
// Validate the bitstream before doing expensive allocations. The demuxer may
// be more tolerant than the decoder.
if (WebPGetFeatures(webp_data->bytes, webp_data->size, &features) !=
VP8_STATUS_OK) {
return NULL;
}
// Note: calloc() so that the pointer members are initialized to NULL. // Note: calloc() so that the pointer members are initialized to NULL.
dec = (WebPAnimDecoder*)WebPSafeCalloc(1ULL, sizeof(*dec)); dec = (WebPAnimDecoder*)WebPSafeCalloc(1ULL, sizeof(*dec));
if (dec == NULL) goto Error; if (dec == NULL) goto Error;