Properly check the data size against the end of the RIFF chunk

Bug: oss-fuzz:382816119

Change-Id: I629870246d8f1bd7c6cb0d66e89018600cecee3a
Vincent Rabaud 2024-12-09 23:00:12 +01:00
parent fcff86c71b
commit 9e5ecfaf00


@ -223,6 +223,8 @@ WebPMux* WebPMuxCreateInternal(const WebPData* bitstream, int copy_data,
// Note this padding is historical and differs from demux.c which does not // Note this padding is historical and differs from demux.c which does not
// pad the file size. // pad the file size.
riff_size = SizeWithPadding(riff_size); riff_size = SizeWithPadding(riff_size);
// Make sure the whole RIFF header is available.
if (riff_size < RIFF_HEADER_SIZE) goto Err;
if (riff_size > size) goto Err; if (riff_size > size) goto Err;
// There's no point in reading past the end of the RIFF chunk. Note riff_size // There's no point in reading past the end of the RIFF chunk. Note riff_size
// includes CHUNK_HEADER_SIZE after SizeWithPadding(). // includes CHUNK_HEADER_SIZE after SizeWithPadding().
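Review bot: the comment on the added check, "Make sure the whole RIFF header is available", does not say what later code depends on `riff_size >= RIFF_HEADER_SIZE`, so a reader cannot tell why a value that already passes `riff_size > size` still has to be rejected. The check runs on the value returned by `SizeWithPadding(riff_size)`, which the following comment says includes CHUNK_HEADER_SIZE, so the comment should state that the comparison is made on the padded size that counts the chunk header, and name the read or subtraction it protects. The commit message cites an oss-fuzz report, but the hunk shown adds no regression input; adding the reproducer as a test case alongside this change would keep the short-`riff_size` path covered.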