dany/libwebp
1
0
Fork 0
mirror of https://github.com/webmproject/libwebp.git synced 2026-04-09 14:22:31 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

ALPHInit: move assignment closer to first use

Browse Source 
This fixes a spurious unsigned integer overflow with invalid content:

```
src/dec/alpha_dec.c:61:44: runtime error: unsigned integer overflow: 0 -
  1 cannot be represented in type 'size_t' (aka 'unsigned long')
```

Bug: 498965803, 498966235, 498966511, 498967090
Change-Id: I350d9144d0c1e4e35286e9e1ca68a574ff6f86a1
This commit is contained in:
James Zern
2026-04-02 10:20:09 -07:00
parent 0c9546f7ef
commit c696aadf69
5 changed files with 76 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
tests/fuzzer/animdecoder_fuzzer.cc
View File

@@ -16,10 +16,12 @@
#include <cstddef>
#include <cstdint>
#include <string>
#include <string_view>
#include "./fuzz_utils.h"
#include "./nalloc.h"
#include "gtest/gtest.h"
#include "imageio/imageio_util.h"
#include "webp/decode.h"
#include "webp/demux.h"
@@ -79,3 +81,12 @@ End:
FUZZ_TEST(AnimDecoder, AnimDecoderTest)
.WithDomains(fuzztest::String().WithMaxSize(fuzz_utils::kMaxWebPFileSize +
1));
TEST(AnimDecoder, Buganizer498967090) {
AnimDecoderTest(std::string(
"ALPH\000\000\000\000\000\000\000\000\003\000\000\000\014EBPVP8 "
"\030\000\000\0000\001\000\235\001*\002\000\001\000\003\0004%"
"\244\000\003~\000*\316\373\224\"AFM\"<0\334\"\231J\002`"
"\256\233\233\233\233\272\000\000",
72));
}