Check that the header size fits in the stream. (AOMediaCodec#2123)

BUG=b/335555272
libsdl-org · Apr 18, 2024 · 961e4fe · 961e4fe
1 parent 89f9b3a
commit 961e4fe
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -100,6 +100,7 @@ The changes are relative to the previous release, unless the baseline is specifi
   index_size.
 * 'infe' boxes with an item_type different from 'mime' and without a
   null-terminated item_name are now considered invalid as per ISO/IEC 14496-12.
+* Fix missing header size check (b/335555272).
 
 ## [1.0.4] - 2024-02-08
 

diff --git a/src/read.c b/src/read.c
@@ -4105,6 +4105,7 @@ avifBool avifPeekCompatibleFileType(const avifROData * input)
         // Either there is no brand requiring anything in the file but a FileTypebox (so not AVIF), or it is invalid.
         return AVIF_FALSE;
     }
+    AVIF_CHECK(avifROStreamHasBytesLeft(&s, header.size));
 
     avifFileType ftyp;
     memset(&ftyp, 0, sizeof(avifFileType));