From 4933e44ead8f5acccbc8140a2b041bed77a58614 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tmatth@videolan.org>
Date: Fri, 14 Feb 2020 10:21:23 -0500
Subject: [PATCH] configure: add --enable-mem-constraint option
This will bail on files exceeding 16384x16384 (useful for fuzzing).
---
 configure.ac | 10 ++++++++++
 lib/decinfo.c | 10 ++++++++++
 2 files changed, 20 insertions(+)
diff --git a/configure.ac b/configure.ac
index 2860be58..2de197f6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -502,6 +502,15 @@ if test "x${ac_enable_telemetry}" = xyes; then
 AC_SUBST(CAIRO_LIBS)
 fi
+dnl add safety rails for fuzzing
+AC_ARG_ENABLE(mem-constraint,
+ AS_HELP_STRING([--enable-mem-constraint], [Abort if size exceeds 16384x16384 (for fuzzing only)]),
+ [ ac_enable_mem_constraint=$enableval ], [ ac_enable_mem_constraint=no] )
+
+if test "x${ac_enable_mem_constraint}" = xyes; then
+ AC_DEFINE([HAVE_MEMORY_CONSTRAINT], [], [Abort if size exceeds 16384x16384 (for fuzzing only)])
+fi
+
 dnl --------------------------------------------------
 dnl Overall build configuration options
 dnl --------------------------------------------------
@@ -623,6 +632,7 @@ AC_MSG_RESULT([
 Encoding support: ........... ${ac_enable_encode}
 Assembly optimization: ...... ${cpu_optimization}
 Debugging telemetry: ........ ${ac_enable_telemetry}
+ Abort on huge files: ........ ${ac_enable_mem_constraint}
 Build example code: ......... ${ac_enable_examples}
 API Documentation: .......... ${doc_build}
 Format Documentation: ....... ${spec_build}
diff --git a/lib/decinfo.c b/lib/decinfo.c
index 80e3f03e..1005e103 100644
--- a/lib/decinfo.c
+++ b/lib/decinfo.c
@@ -20,6 +20,11 @@
 #include <limits.h>
 #include "decint.h"
+/*Only used for fuzzing.*/
+#if defined(HAVE_MEMORY_CONSTRAINT)
+static const int MAX_FUZZING_WIDTH = 16384;
+static const int MAX_FUZZING_HEIGHT = 16384;
+#endif
 /*Unpacks a series of octets from a given byte array into the pack buffer.
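Review bot: The help text in the `AC_ARG_ENABLE(mem-constraint, …)` block of the first configure.ac hunk, the `AC_DEFINE` description and the "Abort on huge files" summary line all say the build aborts, but the only consumer visible in this patch, `oc_info_unpack` in lib/decinfo.c, returns `TH_EBADHEADER` instead. The difference matters to anyone wiring this into a fuzzing harness, where an abort would be reported as a crash. I would reword the strings to something like `Reject headers larger than 16384x16384 with TH_EBADHEADER (fuzzing builds only)` and add a `dnl` line saying the option changes which streams the decoder accepts and must stay off in release builds. The 16384 figure is repeated here and in the C constants, so a comment pointing at `MAX_FUZZING_WIDTH`/`MAX_FUZZING_HEIGHT` would keep the two from drifting apart.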
@@ -82,6 +87,11 @@ static int oc_info_unpack(oc_pack_buf *_opb,th_info *_info){
 _info->fps_numerator==0||_info->fps_denominator==0){
 return TH_EBADHEADER;
 }
+#if defined(HAVE_MEMORY_CONSTRAINT)
+ if(_info->frame_width>=MAX_FUZZING_WIDTH&&_info->frame_height>=MAX_FUZZING_HEIGHT){
+ return TH_EBADHEADER;
+ }
+#endif
 /*Note: The sense of pic_y is inverted in what we pass back to the application compared to how it is stored in the bitstream. This is because the bitstream uses a right-handed coordinate system, while
-- GitLab
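Review bot: The guard added in `oc_info_unpack` joins its two comparisons with `&&`, so a header is rejected only when both dimensions reach the limit; a stream with one very large dimension and a small other one still passes, and the allocations this option is meant to bound are presumably sized from both. Using `||` closes that gap, and `>` would match the "exceeds 16384x16384" wording in configure.ac: `if(_info->frame_width>MAX_FUZZING_WIDTH||_info->frame_height>MAX_FUZZING_HEIGHT){`. If the intent is a memory budget rather than a per-axis cap, bounding the product of the two dimensions in a wider type would express it more directly. The function body starts and ends outside this hunk, so this is based only on the lines shown.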