https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18136

author Cristy <urban-warrior@imagemagick.org>

Sat, 12 Oct 2019 13:42:21 +0000 (09:42 -0400)

committer Cristy <urban-warrior@imagemagick.org>

Sat, 12 Oct 2019 13:42:21 +0000 (09:42 -0400)
author Cristy <urban-warrior@imagemagick.org>
Sat, 12 Oct 2019 13:42:21 +0000 (09:42 -0400)
committer Cristy <urban-warrior@imagemagick.org>
Sat, 12 Oct 2019 13:42:21 +0000 (09:42 -0400)
diff --git a/coders/webp.c b/coders/webp.c

index fd3246c0bb00301eb92c8c0cd8fe0cd1d2ac7cef..6dc808a53074047776d5ecba8d4b60270ad3f5ec 100644 (file)
--- a/coders/webp.c
+++ b/coders/webp.c
@@ -191,7 +191,7 @@ static MagickBooleanType IsWEBPImageLossless(const unsigned char *stream,
      Read extended header.
    */
    offset=RIFF_HEADER_SIZE+TAG_SIZE+CHUNK_SIZE_BYTES+VP8X_CHUNK_SIZE;
-  while (offset+TAG_SIZE <= (ssize_t) (length-TAG_SIZE))
+  while ((offset+TAG_SIZE+4) <= (ssize_t) (length-TAG_SIZE))
    {
      uint32_t
        chunk_size,
author	Cristy <urban-warrior@imagemagick.org>
	Sat, 12 Oct 2019 13:42:21 +0000 (09:42 -0400)
committer	Cristy <urban-warrior@imagemagick.org>
	Sat, 12 Oct 2019 13:42:21 +0000 (09:42 -0400)