Skip to content

Commit

Permalink
Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detai…
Browse files Browse the repository at this point in the history 
…l?id=61675

Avoid integer overflow in the calculation of available_out.
  • Loading branch information
@kevinbackhouse
kevinbackhouse committed Nov 5, 2023
1 parent 87b2fa4 commit 39e56d5
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/bmffimage.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -216,7 +216,7 @@ void BmffImage::brotliUncompress(const byte* compressedBuf, size_t compressedBuf
uncompressedLen *= 2;
// DoS protection - can't be bigger than 128k
if (uncompressedLen > 131072) {
if (++dos > 1)
if (++dos > 1 || total_out > 131072)
break;
uncompressedLen = 131072;
}
Expand Down

0 comments on commit 39e56d5

Please sign in to comment.