commit | 34c0d3147f3d30e1218bceda410c978481a5e1be | |
---|---|---|
author | Joe Drago <jdrago@netflix.com> | Thu Apr 30 15:23:03 2020 -0700 |
committer | Joe Drago <jdrago@netflix.com> | Thu Apr 30 15:24:38 2020 -0700 |
tree | d41814faa7a22d2067e9b290c646d8c5a2ae3b27 | |
parent | a7d479eccdf4728f7209dbdcd6ada8ecaca64b4f | |

Protect against oversized (out of bounds) samples in avif sample tables

Fixes oss-fuzz @ 21947

diff --git a/src/read.c b/src/read.c index 735d841..f258846 100644 --- a/src/read.c +++ b/src/read.c
@@ -344,6 +344,9 @@ if (sampleOffset > (uint64_t)rawInput->size) { return AVIF_FALSE; } + if ((sampleOffset + sampleSize) > (uint64_t)rawInput->size) { + return AVIF_FALSE; + } sampleOffset += sampleSize; ++sampleSizeIndex;
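
Review bot: The added bound in src/read.c computes `sampleOffset + sampleSize` before comparing it with `(uint64_t)rawInput->size`, so the check itself depends on that sum not wrapping. The declarations of `sampleOffset` and `sampleSize` are outside this hunk; if both are 64-bit, a sample table entry with a very large size could wrap the sum to a small value and pass. Because the preceding check already rejects `sampleOffset > rawInput->size`, the subtraction form `if (sampleSize > (uint64_t)rawInput->size - sampleOffset)` expresses the same bound without any addition that can overflow. A one-line comment saying that the sample's end, not only its start, must lie inside the input would also make it clear why two adjacent checks exist, and the oss-fuzz input referenced in the commit message would be worth keeping as a regression test.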