check for integer overflow in color_conversion_fuzzer (should fix Clu…

…sterfuzz issue 59814). Bug is in fuzzer code, not in library.
strukturag · Oct 12, 2023 · 94e5a84 · 94e5a84
1 parent a26bcb0
commit 94e5a84
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/fuzzing/color_conversion_fuzzer.cc b/fuzzing/color_conversion_fuzzer.cc
@@ -64,7 +64,10 @@ static bool read_plane(BitstreamRange* range,
   if (width <= 0 || height <= 0) {
     return false;
   }
-  if (!range->prepare_read(static_cast<uint64_t>(width) * height)) {
+  if (std::numeric_limits<size_t>::max()/width/height == 0) {
+    return false;
+  }
+  if (!range->prepare_read(static_cast<size_t>(width) * height)) {
     return false;
   }
   if (!image->add_plane(channel, width, height, bit_depth)) {
@@ -87,7 +90,10 @@ static bool read_plane_interleaved(BitstreamRange* range,
   if (width <= 0 || height <= 0) {
     return false;
   }
-  if (!range->prepare_read(static_cast<uint64_t>(width) * height * comps)) {
+  if (std::numeric_limits<size_t>::max()/width/height/comps == 0) {
+    return false;
+  }
+  if (!range->prepare_read(static_cast<size_t>(width) * height * comps)) {
     return false;
   }
   if (!image->add_plane(channel, width, height, bit_depth)) {