| author | Erik de Castro Lopo <erikd@mega-nerd.com> | 2019-10-07 16:14:12 +1100 |
|---|---|---|
| committer | Erik de Castro Lopo <erikd@mega-nerd.com> | 2019-10-10 18:34:17 +1100 |
| commit | 86431a66dcd2fa270b10b7c8421003cb82484cc9 (patch) | |
| tree | c8a440b2a42cb25e3d0580c54e155a033d3e3887 /src | |
| parent | 952d511655d57a0b3ddb5d20a67b3056a613c3ec (diff) | |
| download | flac-86431a66dcd2fa270b10b7c8421003cb82484cc9.tar.gz | |
libFLAC/bitwriter.c: Add sanity check to prevent excessive allocation
When fuzzing the encoder it is possible to cause the encoder to
allocate huge amounts of memory. A sanity check on the number of
bits by which to grow the bitwriter capacity, returning false (indicating
that memory allocation failed), prevents this and seems to have no effect
on the encoding of non-fuzzing inputs.
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17273
Testcase: fuzzer_encoder-5640245298593792
Diffstat (limited to 'src')

| -rw-r--r-- | src/libFLAC/bitwriter.c | 4 |
|---|---|---|

1 files changed, 4 insertions, 0 deletions
diff --git a/src/libFLAC/bitwriter.c b/src/libFLAC/bitwriter.c index 6e86585b..ed7ae0e8 100644 --- a/src/libFLAC/bitwriter.c +++ b/src/libFLAC/bitwriter.c @@ -107,6 +107,10 @@ FLAC__bool bitwriter_grow_(FLAC__BitWriter *bw, uint32_t bits_to_add) FLAC__ASSERT(0 != bw); FLAC__ASSERT(0 != bw->buffer); + /* sanity check */ + if (bits_to_add > 8 * 1024 * 1024) + return false; + /* calculate total words needed to store 'bits_to_add' additional bits */ new_capacity = bw->words + ((bw->bits + bits_to_add + FLAC__BITS_PER_WORD - 1) / FLAC__BITS_PER_WORD); |
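Review bot: the bound `8 * 1024 * 1024` in the new `if (bits_to_add > 8 * 1024 * 1024)` is a bare magic number; the comment `/* sanity check */` does not say why 8 Mi bits (1 MiB) is the right ceiling for a single `bitwriter_grow_` request, so a named constant with a one-line justification (for example, derived from the largest frame the encoder can legitimately emit) would make the intent reviewable and keep a future change to frame limits from silently breaking encoding. Note also that the check bounds only the per-call `bits_to_add`, not the resulting `new_capacity` computed from `bw->words` plus the requested bits on the following line, so it rejects one oversized request rather than capping total buffer growth; if that is the intended scope, the comment should state it, and since `return false` is reported upward as an allocation failure, that consequence is worth noting in the comment as well.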