Fixed boundary check (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7263)

author Dirk Lemstra <dirk@git.imagemagick.org>

Sun, 1 Apr 2018 13:04:34 +0000 (15:04 +0200)

committer Dirk Lemstra <dirk@git.imagemagick.org>

Sun, 1 Apr 2018 13:04:57 +0000 (15:04 +0200)
author Dirk Lemstra <dirk@git.imagemagick.org>
Sun, 1 Apr 2018 13:04:34 +0000 (15:04 +0200)
committer Dirk Lemstra <dirk@git.imagemagick.org>
Sun, 1 Apr 2018 13:04:57 +0000 (15:04 +0200)
diff --git a/coders/webp.c b/coders/webp.c

index 58693d9f4ef4e4cf63c2a64233e585d066013852..273fa98dd8ca7bae9114aa4c3b2bb6bb1db49e48 100644 (file)
--- a/coders/webp.c
+++ b/coders/webp.c
@@ -189,7 +189,7 @@ static MagickBooleanType IsWEBPImageLossless(const unsigned char *stream,
      Read extended header.
    */
    offset=RIFF_HEADER_SIZE+TAG_SIZE+CHUNK_SIZE_BYTES+VP8X_CHUNK_SIZE;
-  while (offset <= (ssize_t) (length-TAG_SIZE))
+  while (offset+TAG_SIZE <= (ssize_t) (length-TAG_SIZE))
    {
      uint32_t
        chunk_size,
author	Dirk Lemstra <dirk@git.imagemagick.org>
	Sun, 1 Apr 2018 13:04:34 +0000 (15:04 +0200)
committer	Dirk Lemstra <dirk@git.imagemagick.org>
	Sun, 1 Apr 2018 13:04:57 +0000 (15:04 +0200)