From eaee9e79f78bf7777017cff819ea556973b972ad Mon Sep 17 00:00:00 2001
From: Vikas Arora
Date: Fri, 8 Jun 2012 14:29:26 +0530
Subject: [PATCH] Bug-Fix: Decode small (less than 32 bytes) images.

ParseVP8X was checking for presence of extra 20 bytes (after RIFF header). This check should not be executed for non-mux (non-VP8X) images.
Change-Id: I3fc89fa098ac0a53102e7bbf6c291269817c8e47
---
 src/dec/webp.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/dec/webp.c b/src/dec/webp.c
index 67614796..191bfc7f 100644
--- a/src/dec/webp.c
+++ b/src/dec/webp.c
@@ -96,7 +96,7 @@ static VP8StatusCode ParseVP8X(const uint8_t** data, size_t* data_size,
 *found_vp8x = 0;
- if (*data_size < vp8x_size) {
+ if (*data_size < CHUNK_HEADER_SIZE) {
 return VP8_STATUS_NOT_ENOUGH_DATA; // Insufficient data.
 }
@@ -105,6 +105,12 @@ static VP8StatusCode ParseVP8X(const uint8_t** data, size_t* data_size,
 if (chunk_size != VP8X_CHUNK_SIZE) {
 return VP8_STATUS_BITSTREAM_ERROR; // Wrong chunk size.
 }
+
+ // Verify if enough data is available to validate the VP8X chunk.
+ if (*data_size < vp8x_size) {
+ return VP8_STATUS_NOT_ENOUGH_DATA; // Insufficient data.
+ }
+
 if (flags != NULL) {
 *flags = get_le32(*data + 8);
 }
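Review bot: The relaxed guard at the top of ParseVP8X now guarantees only CHUNK_HEADER_SIZE bytes, so every read that happens before the new `vp8x_size` check in the second hunk has to stay inside the chunk header, and nothing in the code says so. The tag comparison and the `chunk_size` load sit between the two hunks and are not visible here, so confirm that they touch no more than the tag and the 32-bit size field. I would add a comment on the relaxed check, for example `// Only the chunk tag and size are read before the full VP8X size check below.`, so a later edit does not slip a wider read above it. The read `get_le32(*data + 8)` comes after the new check, which covers it provided `vp8x_size` is at least 12; its definition, like the start and end of the function, is outside both hunks.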