beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-09-30 00:31:14 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

LibVideo: Check parsed superframe sizes when decoding VP9 frames

Browse source 
Make sure that the next parsed superframe size will not overflow the
chunk data before splitting it out to decode a frame.
This commit is contained in:
Andrew Kaster 2022-10-12 22:37:48 -06:00 committed by Linus Groh
parent 9d3074f72f
commit bf014c4d20
Notes: sideshowbarker 2024-07-17 05:59:35 +09:00 
Author: https://github.com/ADKaster
Commit: https://github.com/SerenityOS/serenity/commit/bf014c4d20
Pull-request: https://github.com/SerenityOS/serenity/pull/15560
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Userland/Libraries/LibVideo/VP9/Decoder.cpp
View file

@ -29,9 +29,13 @@ DecoderErrorOr<void> Decoder::decode(Span<const u8> chunk_data)
size_t offset = 0;
for (auto superframe_size : superframe_sizes) {
auto checked_size = Checked<size_t>(superframe_size);
checked_size += offset;
if (checked_size.has_overflow() || checked_size.value() > chunk_data.size())
return DecoderError::with_description(DecoderErrorCategory::Corrupted, "Superframe size invalid"sv);
auto frame_data = chunk_data.slice(offset, superframe_size);
TRY(decode_frame(frame_data));
offset += superframe_size;
offset = checked_size.value();
}
return {};