diff options
| author | Přemysl Eric Janouch <p@janouch.name> | 2021-12-12 23:39:02 +0100 |
|---|---|---|
| committer | Přemysl Eric Janouch <p@janouch.name> | 2021-12-12 23:39:36 +0100 |
| commit | 3ed23e423bf758678dcbd906e22d54f9e95b5f10 (patch) | |
| tree | 75eb6c944d354f8585fb954844d4a2bca8e40ad2 | |
| parent | 6c7d431e35ca100a733ed720f0431cd7822509e5 (diff) | |
| download | fiv-3ed23e423bf758678dcbd906e22d54f9e95b5f10.tar.gz fiv-3ed23e423bf758678dcbd906e22d54f9e95b5f10.tar.xz fiv-3ed23e423bf758678dcbd906e22d54f9e95b5f10.zip | |
Add pedantic WebP dimensions overflow checking
| -rw-r--r-- | fastiv-io.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/fastiv-io.c b/fastiv-io.c index 1dc04be..6362598 100644 --- a/fastiv-io.c +++ b/fastiv-io.c @@ -1212,8 +1212,13 @@ load_libwebp_animated(const WebPData *wd, GError **error) WebPAnimDecoder *dec = WebPAnimDecoderNew(wd, &options); WebPAnimDecoderGetInfo(dec, &info); - int last_timestamp = 0; cairo_surface_t *frames = NULL, *frames_tail = NULL; + if (info.canvas_width > INT_MAX || info.canvas_height > INT_MAX) { + set_error(error, "image dimensions overflow"); + goto fail; + } + + int last_timestamp = 0; while (WebPAnimDecoderHasMoreFrames(dec)) { cairo_surface_t *surface = load_libwebp_frame(dec, &info, &last_timestamp, error); |