3 files changed, 12 insertions, 4 deletions

diff --git a/resources/invalid_images/osfuzz6295.webp b/resources/invalid_images/osfuzz6295.webp
new file mode 100644
index 0000000000..bb20aba1a7
--- /dev/null
+++ b/resources/invalid_images/osfuzz6295.webp
diff --git a/src/codec/SkJpegCodec.cpp b/src/codec/SkJpegCodec.cpp
index d2c023b437..4f48886be2 100644
--- a/src/codec/SkJpegCodec.cpp
+++ b/src/codec/SkJpegCodec.cpp
@@ -62,7 +62,8 @@ static bool is_orientation_marker(jpeg_marker_struct* marker, SkEncodedOrigin* o
 
 bool is_orientation_marker(const uint8_t* data, size_t data_length, SkEncodedOrigin* orientation) {
     bool littleEndian;
-    if (!is_valid_endian_marker(data, &littleEndian)) {
+    // We need eight bytes to read the endian marker and the offset, below.
+    if (data_length < 8 || !is_valid_endian_marker(data, &littleEndian)) {
         return false;
     }
 
diff --git a/tests/CodecTest.cpp b/tests/CodecTest.cpp
index df94547600..8172751cf6 100644
--- a/tests/CodecTest.cpp
+++ b/tests/CodecTest.cpp
@@ -621,14 +621,20 @@ DEF_TEST(Codec_Dimensions, r) {
 }
 
 static void test_invalid(skiatest::Reporter* r, const char path[]) {
-    std::unique_ptr<SkStream> stream(GetResourceAsStream(path));
-    if (!stream) {
+    auto data = GetResourceAsData(path);
+    if (!data) {
+        ERRORF(r, "Failed to get resources %s", path);
         return;
     }
-    REPORTER_ASSERT(r, !SkCodec::MakeFromStream(std::move(stream)));
+
+    REPORTER_ASSERT(r, !SkCodec::MakeFromData(data));
 }
 
 DEF_TEST(Codec_Empty, r) {
+    if (GetResourcePath().isEmpty()) {
+        return;
+    }
+
     // Test images that should not be able to create a codec
     test_invalid(r, "empty_images/zero-dims.gif");
     test_invalid(r, "empty_images/zero-embedded.ico");
@@ -648,6 +654,7 @@ DEF_TEST(Codec_Empty, r) {
     test_invalid(r, "empty_images/zero_height.tiff");
 #endif
     test_invalid(r, "invalid_images/b37623797.ico");
+    test_invalid(r, "invalid_images/osfuzz6295.webp");
 }
 
 #ifdef PNG_READ_UNKNOWN_CHUNKS_SUPPORTED