mirror of
https://github.com/SerenityOS/serenity
synced 2024-10-15 04:13:11 +00:00
LibGfx: Fix bounds overflow in JPGLoader
Taotao Gu has been fuzzing serenity libs with their own custom fuzzer. They reported some issues it found privately; this overflow was found in the JPGLoader using that fuzzer.

Reported-by: Taotao Gu <gutaotao1995@qq.com>
parent
4ea910d129
commit
9191829a39
|
@ -420,6 +420,8 @@ static Optional<Vector<Macroblock>> decode_huffman_stream(JPGLoadingContext& con
|
|||
|
||||
static inline bool bounds_okay(const size_t cursor, const size_t delta, const size_t bound)
|
||||
{
|
||||
if (Checked<size_t>::addition_would_overflow(delta, cursor))
|
||||
return false;
|
||||
return (delta + cursor) < bound;
|
||||
}
|
||||
|
||||
|
|
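Review bot: In bounds_okay, the overflow guard followed by `return (delta + cursor) < bound;` can be collapsed into a comparison that never adds: `return cursor < bound && delta < bound - cursor;` gives the same result for every size_t input, cannot wrap, and removes the separate addition_would_overflow branch. If the Checked form is kept, a short comment above the guard saying that a wrapped sum would otherwise compare below bound and pass the check would record why the early return is there, since the commit message is the only place that currently explains it.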