mirror of
https://github.com/fergalmoran/ladybird.git
synced 2026-01-06 08:36:15 +00:00
read_webp_first_chunk() sensibly assumes that if decode_webp_header() succeeds, there are at least sizeof(WebPFileHeader) bytes available.

But if the file size in the header was less than the size of the header, decode_webp_header() would truncate the data to less than that and happily report success. Now it no longer does that.

Found by clusterfuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57843&sort=-opened&can=1&q=proj%3Aserenity
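
An added C++ sketch of the header check the commit message above describes. It is not code from the Ladybird repository: `decode_header`, `Bytes`, `reject_short_size` and the sample buffers are hypothetical, and the 12-byte "RIFF" + size + "WEBP" layout is assumed from the WebP container format rather than taken from this page.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical names throughout; this is not Ladybird's implementation.
static const size_t kRiffHeaderSize = 12; // "RIFF" + u32 size + "WEBP"

struct Bytes { const uint8_t* data; size_t size; };

static uint32_t read_le32(const uint8_t* p)
{
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// On success, `out` covers the bytes the header claims (header included).
// With reject_short_size set, a successful result always holds at least
// kRiffHeaderSize bytes; with it clear, the pre-fix truncation is reproduced.
bool decode_header(Bytes in, bool reject_short_size, Bytes& out)
{
    if (in.size < kRiffHeaderSize)
        return false;
    if (std::memcmp(in.data, "RIFF", 4) != 0 || std::memcmp(in.data + 8, "WEBP", 4) != 0)
        return false;

    // The RIFF size field counts everything after the first 8 bytes.
    uint64_t declared_total = uint64_t(read_le32(in.data + 4)) + 8;

    // A declared size that does not even cover the header is an error,
    // not something to truncate to and report as success.
    if (reject_short_size && declared_total < kRiffHeaderSize)
        return false;

    // Bytes past the declared size are dropped (assumed policy for this sketch).
    size_t usable = declared_total < in.size ? size_t(declared_total) : in.size;
    out = Bytes { in.data, usable };
    return true;
}

// Constructed sample: valid magic values, size field 0 (declared total 8 < 12).
static const uint8_t kShortSizeFile[16] = {
    'R', 'I', 'F', 'F', 0, 0, 0, 0, 'W', 'E', 'B', 'P', 'V', 'P', '8', ' '
};
// Constructed sample: size field 8 (declared total 16, matching the buffer).
static const uint8_t kConsistentFile[16] = {
    'R', 'I', 'F', 'F', 8, 0, 0, 0, 'W', 'E', 'B', 'P', 'V', 'P', '8', ' '
};
```

Without the check, the short-size sample "succeeds" with only 8 usable bytes, so any caller that then reads a full 12-byte header reads past the returned range.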