Skip to content
Permalink
Browse files Browse the repository at this point in the history
Set max image size to 16384 * 16384
  • Loading branch information
wantehchang authored and joedrago committed Aug 10, 2020
1 parent 5b32ce1 commit 0a8e724
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 0 deletions.
4 changes: 4 additions & 0 deletions include/avif/internal.h
Expand Up @@ -241,6 +241,10 @@ typedef struct avifSequenceHeader
} avifSequenceHeader;
avifBool avifSequenceHeaderParse(avifSequenceHeader * header, const avifROData * sample);

// A maximum image size to avoid out-of-memory errors or integer overflow in
// (32-bit) int or unsigned int arithmetic operations.
#define AVIF_MAX_IMAGE_SIZE (16384 * 16384)

#ifdef __cplusplus
} // extern "C"
#endif
Expand Down
3 changes: 3 additions & 0 deletions src/read.c
Expand Up @@ -980,6 +980,9 @@ static avifBool avifParseImageGridBox(avifImageGrid * grid, const uint8_t * raw,
CHECK(avifROStreamReadU32(&s, &grid->outputWidth)); // unsigned int(FieldLength) output_width;
CHECK(avifROStreamReadU32(&s, &grid->outputHeight)); // unsigned int(FieldLength) output_height;
}
if (grid->outputWidth > AVIF_MAX_IMAGE_SIZE / grid->outputHeight) {
return AVIF_FALSE;
}
return AVIF_TRUE;
}

Expand Down

0 comments on commit 0a8e724

Please sign in to comment.