diff options
| author |  Leon Scroggins III <scroggo@google.com> | 2018-02-13 16:41:03 -0500 |
|---|---|---|
| committer |  Skia Commit-Bot <skia-commit-bot@chromium.org> | 2018-02-13 22:05:53 +0000 |
| commit | fee7cbaf44553dda1a0dd4bfc87a1dfc0d7dd369 (patch) | |
| tree | bb2150dcf14cba34c4f1d6c31c7d3dc3930afacd /src | |
| parent | ffdf3ec88065d43004100a55cffca2d0c6875b38 (diff) | |
Check the length of marker before reading it
Bug: os-fuzz:6295
Change-Id: I0ea9a3c54d61d41f21f2e9b945ab83fa2beb00d8
Reviewed-on: https://skia-review.googlesource.com/107025
Reviewed-by: Mike Klein <mtklein@chromium.org>
Commit-Queue: Leon Scroggins <scroggo@google.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/codec/SkJpegCodec.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/codec/SkJpegCodec.cpp b/src/codec/SkJpegCodec.cpp index d2c023b437..4f48886be2 100644 --- a/src/codec/SkJpegCodec.cpp +++ b/src/codec/SkJpegCodec.cpp @@ -62,7 +62,8 @@ static bool is_orientation_marker(jpeg_marker_struct* marker, SkEncodedOrigin* o bool is_orientation_marker(const uint8_t* data, size_t data_length, SkEncodedOrigin* orientation) { bool littleEndian; - if (!is_valid_endian_marker(data, &littleEndian)) { + // We need eight bytes to read the endian marker and the offset, below. + if (data_length < 8 || !is_valid_endian_marker(data, &littleEndian)) { return false; } |