Mirrors/lofty-rs
2
0
Fork 0
mirror of https://github.com/Serial-ATA/lofty-rs synced 2024-12-13 14:12:31 +00:00
Code Issues Projects Releases Packages Wiki Activity

PictureInformation: Fix potential overflowing addition in from_png

Browse source
This commit is contained in:
Serial 2022-07-11 16:57:03 -04:00
parent f99a587391
commit 2f62ff9b60
No known key found for this signature in database
GPG key ID: DA95198DC17C4568
2 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/picture.rs
View file

@ -374,7 +374,12 @@ impl PictureInformation {
}
// Skip the chunk's data (size) and CRC (4 bytes)
reader.seek(SeekFrom::Current(i64::from(size + 4)))?;
let (content_size, overflowed) = size.overflowing_add(4);
if overflowed {
break;
}
reader.seek(SeekFrom::Current(i64::from(content_size)))?;
}
Ok(ret)

11
tests/fuzz/pictureinformation_from_png.rs
View file

@ -1 +1,10 @@
// TODO
use crate::get_reader;
use lofty::PictureInformation;
#[test]
fn crash1() {
let reader =
get_reader("pictureinformation_from_png/crash-9cca0ac668e4735a0aac8eddb91a50b9351b419c");
let _ = PictureInformation::from_png(reader.get_ref()).unwrap();
}