From 3ed23e423bf758678dcbd906e22d54f9e95b5f10 Mon Sep 17 00:00:00 2001 From: Přemysl Eric Janouch
Date: Sun, 12 Dec 2021 23:39:02 +0100 Subject: Add pedantic WebP dimensions overflow checking --- fastiv-io.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fastiv-io.c b/fastiv-io.c index 1dc04be..6362598 100644 --- a/fastiv-io.c +++ b/fastiv-io.c @@ -1212,8 +1212,13 @@ load_libwebp_animated(const WebPData *wd, GError **error) WebPAnimDecoder *dec = WebPAnimDecoderNew(wd, &options); WebPAnimDecoderGetInfo(dec, &info); - int last_timestamp = 0; cairo_surface_t *frames = NULL, *frames_tail = NULL; + if (info.canvas_width > INT_MAX || info.canvas_height > INT_MAX) { + set_error(error, "image dimensions overflow"); + goto fail; + } + + int last_timestamp = 0; while (WebPAnimDecoderHasMoreFrames(dec)) { cairo_surface_t *surface = load_libwebp_frame(dec, &info, &last_timestamp, error); -- cgit v1.2.3-70-g09d2