authorErik de Castro Lopo <erikd@mega-nerd.com>2019-10-07 16:14:12 +1100
committerErik de Castro Lopo <erikd@mega-nerd.com>2019-10-10 18:34:17 +1100
commit86431a66dcd2fa270b10b7c8421003cb82484cc9 (patch)
treec8a440b2a42cb25e3d0580c54e155a033d3e3887
parent952d511655d57a0b3ddb5d20a67b3056a613c3ec (diff)
downloadflac-86431a66dcd2fa270b10b7c8421003cb82484cc9.tar.gz
libFLAC/bitwriter.c: Add sanity check to prevent excessive allocation
When fuzzing the encoder it is possible to make the encoder allocate huge amounts of memory. Sanity checking the number of bits by which the bitwriter capacity is asked to grow, and returning false (indicating that memory allocation failed) when it is excessive, prevents this and seems to have no effect on the encoding of non-fuzzing inputs. Credit: Oss-Fuzz Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17273 Testcase: fuzzer_encoder-5640245298593792
-rw-r--r--src/libFLAC/bitwriter.c4
1 files changed, 4 insertions, 0 deletions
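--- a/src/libFLAC/bitwriter.c
+++ b/src/libFLAC/bitwriter.c
@@ -107,6 +107,10 @@ FLAC__bool bitwriter_grow_(FLAC__BitWriter *bw, uint32_t bits_to_add)
 FLAC__ASSERT(0 != bw);
 FLAC__ASSERT(0 != bw->buffer);
+/* sanity check */
+if (bits_to_add > 8 * 1024 * 1024)
+return false;
+
 /* calculate total words needed to store 'bits_to_add' additional bits */
 new_capacity = bw->words + ((bw->bits + bits_to_add + FLAC__BITS_PER_WORD - 1) / FLAC__BITS_PER_WORD);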
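Review bot: The new bound `8 * 1024 * 1024` in the added `if` is a bare magic number, and the `/* sanity check */` comment above it says neither what is being bounded nor why this limit is safe for legitimate encoder output, so a later maintainer cannot tell whether it is a hard format limit or an arbitrary fuzz guard. I would replace the literal with a named file-scope constant (for example an `enum { BITWRITER_MAX_GROW_BITS = 8 * 1024 * 1024 };` near the top of the file, name chosen here) and expand the comment to `/* Reject absurd growth requests: fuzzed input can otherwise make the encoder allocate huge buffers; callers treat false as an allocation failure. */`. It is also worth stating in that comment that the bound exists to keep `bw->bits + bits_to_add` on the next line from overflowing its 32-bit arithmetic, if that is indeed the intent, since the check guards `bits_to_add` alone and the range of `bw->bits` is not visible in this hunk. The body of `bitwriter_grow_` continues outside the hunk.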