50 lines
1.9 KiB
Diff
50 lines
1.9 KiB
Diff
diff --git a/src/webpimage.cpp b/src/webpimage.cpp
|
|
index e4057d6..f1dd77c 100644
|
|
--- a/src/webpimage.cpp
|
|
+++ b/src/webpimage.cpp
|
|
@@ -44,6 +44,8 @@
|
|
#include "tiffimage.hpp"
|
|
#include "tiffimage_int.hpp"
|
|
#include "convert.hpp"
|
|
+#include "enforce.hpp"
|
|
+
|
|
#include <cmath>
|
|
#include <iomanip>
|
|
#include <string>
|
|
@@ -516,6 +518,8 @@ namespace Exiv2 {
|
|
DataBuf payload(size);
|
|
|
|
if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8X) && !has_canvas_data) {
|
|
+ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
|
|
+
|
|
has_canvas_data = true;
|
|
byte size_buf[WEBP_TAG_SIZE];
|
|
|
|
@@ -531,6 +535,8 @@ namespace Exiv2 {
|
|
size_buf[3] = 0;
|
|
pixelHeight_ = Exiv2::getULong(size_buf, littleEndian) + 1;
|
|
} else if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8) && !has_canvas_data) {
|
|
+ enforce(size >= 10, Exiv2::kerCorruptedMetadata);
|
|
+
|
|
has_canvas_data = true;
|
|
io_->read(payload.pData_, payload.size_);
|
|
byte size_buf[WEBP_TAG_SIZE];
|
|
@@ -547,6 +553,8 @@ namespace Exiv2 {
|
|
size_buf[3] = 0;
|
|
pixelHeight_ = Exiv2::getULong(size_buf, littleEndian) & 0x3fff;
|
|
} else if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_VP8L) && !has_canvas_data) {
|
|
+ enforce(size >= 5, Exiv2::kerCorruptedMetadata);
|
|
+
|
|
has_canvas_data = true;
|
|
byte size_buf_w[2];
|
|
byte size_buf_h[3];
|
|
@@ -564,6 +572,8 @@ namespace Exiv2 {
|
|
size_buf_h[1] = ((size_buf_h[1] >> 6) & 0x3) | ((size_buf_h[2] & 0xF) << 0x2);
|
|
pixelHeight_ = Exiv2::getUShort(size_buf_h, littleEndian) + 1;
|
|
} else if (equalsWebPTag(chunkId, WEBP_CHUNK_HEADER_ANMF) && !has_canvas_data) {
|
|
+ enforce(size >= 12, Exiv2::kerCorruptedMetadata);
|
|
+
|
|
has_canvas_data = true;
|
|
byte size_buf[WEBP_TAG_SIZE];
|
|
|