diff options
author | iwashiira <89283357+iwashiira@users.noreply.github.com> | 2024-05-09 14:43:07 +0100 |
---|---|---|
committer | Andy Green <andy@warmcat.com> | 2024-05-09 14:43:33 +0100 |
commit | 72187434722a401c59799e311f52a0e232334e38 (patch) | |
tree | aafbcd1c54268bdcf7ac12ffd361fc7e89f89088 | |
parent | 9ba1504d01243b2076d8a085196f1b3cd73e365c (diff) | |
download | libwebsockets-upstream-main.tar.gz |
upng: check ims limitsupstream-main
-rw-r--r-- | lib/misc/upng.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/misc/upng.c b/lib/misc/upng.c index d89786d0..d62aee1c 100644 --- a/lib/misc/upng.c +++ b/lib/misc/upng.c @@ -484,6 +484,12 @@ lws_upng_decode(lws_upng_t* u, const uint8_t **_pos, size_t *_size) if (!u->inf.out) { size_t ims = (u->u.bypl * 2) + u->inf.info_size; + if (u->inf.info_size > ims) { + lwsl_err("%s: integer overflow occur in ims %llu", + __func__, (unsigned long long)ims); + return LWS_SRET_FATAL + 27; + } + if (u->hold_at_metadata) return LWS_SRET_AWAIT_RETRY; |