Google Git
Sign in
aomedia/libavif/d8d6057d33c1284d052ae605515e254906861bce^!/.
commit
d8d6057d33c1284d052ae605515e254906861bce
[log]
author
wantehchang <wtc@google.com>
Tue Aug 11 14:18:46 2020 -0700
committer
GitHub <noreply@github.com>
Tue Aug 11 14:18:46 2020 -0700
tree
ca0509b20d240d3b37977454432fa49b1c434d0f
parent
4cfee6282b97533e6c99183ddf7a897173755c69 [diff]
Disallow zero grid output_width or output_height (#265)

Fix https://crbug.com/oss-fuzz/24818 and
https://crbug.com/oss-fuzz/24821. These bugs were introduced by my fix
for https://crbug.com/oss-fuzz/24728 and
https://crbug.com/oss-fuzz/24734.
diff --git a/src/read.c b/src/read.c
index bb0d39f..2297a69 100644
--- a/src/read.c
+++ b/src/read.c

@@ -983,7 +983,7 @@
         CHECK(avifROStreamReadU32(&s, &grid->outputWidth));  // unsigned int(FieldLength) output_width;
         CHECK(avifROStreamReadU32(&s, &grid->outputHeight)); // unsigned int(FieldLength) output_height;
     }
-    if (grid->outputWidth > AVIF_MAX_IMAGE_SIZE / grid->outputHeight) {
+    if (grid->outputWidth == 0 || grid->outputHeight == 0 || grid->outputWidth > AVIF_MAX_IMAGE_SIZE / grid->outputHeight) {
         return AVIF_FALSE;
     }
     return AVIF_TRUE;