fergalmoran/ladybird
1
0
Fork 0
mirror of https://github.com/fergalmoran/ladybird.git synced 2026-01-06 08:36:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibGfx: Bounds check component indices before using them in JPGLoader

Browse Source 
With this, I don't see any crashes in 10 min of fuzzing (but still
get OOMs).
This commit is contained in:
Nico Weber
2020-11-19 12:42:54 -05:00
committed by Andreas Kling
parent a8318b15a7
commit 7042490e41
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Libraries/LibGfx/JPGLoader.cpp
View File

@@ -296,6 +296,12 @@ static bool build_macroblocks(JPGLoadingContext& context, Vector<Macroblock>& ma
{
for (u32 cindex = 0; cindex < context.component_count; cindex++) {
auto& component = context.components[cindex];
if (component.dc_destination_id >= context.dc_tables.size())
return false;
if (component.ac_destination_id >= context.ac_tables.size())
return false;
for (u8 vfactor_i = 0; vfactor_i < component.vsample_factor; vfactor_i++) {
for (u8 hfactor_i = 0; hfactor_i < component.hsample_factor; hfactor_i++) {
u32 mb_index = (vcursor + vfactor_i) * context.mblock_meta.hpadded_count + (hfactor_i + hcursor);