validate filesize before allocating chunk memory (#1161)

Signed-off-by: Peter Hillman <peterh@wetafx.co.nz>
AcademySoftwareFoundation · Sep 28, 2021 · 35b6908 · 35b6908
1 parent c2e7a37
commit 35b6908
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/src/lib/OpenEXRCore/chunk.c b/src/lib/OpenEXRCore/chunk.c
@@ -70,6 +70,17 @@ extract_chunk_table (
             return ctxt->report_error (
                 ctxt, EXR_ERR_INVALID_ARGUMENT, "Invalid file with no chunks");
 
+        if (chunkbytes + chunkoff > (uint64_t) ctxt->file_size)
+           return ctxt->print_error (
+               ctxt,
+               EXR_ERR_INVALID_ARGUMENT,
+               "chunk table size (%" PRIu64
+               ") too big for file size (%" PRId64 ")",
+               chunkbytes,
+               ctxt->file_size);
+
+
+
         ctable = (uint64_t*) ctxt->alloc_fn (chunkbytes);
         if (ctable == NULL)
             return ctxt->standard_error (ctxt, EXR_ERR_OUT_OF_MEMORY);