Skip to content
Snippets Groups Projects
Commit 4933e44e authored by Tristan Matthews's avatar Tristan Matthews
Browse files

configure: add --enable-mem-constraint option 

This will bail on files exceeding 16384x16384 (useful for fuzzing).
parent e5d205bf
No related branches found
No related tags found
1 merge request!1configure: add --enable-mem-constraint option
Hide whitespace changes
Inline Side-by-side
configure.ac
+ 10
0
View file @ 4933e44e
...@@ -502,6 +502,15 @@ if test "x${ac_enable_telemetry}" = xyes; then ...@@ -502,6 +502,15 @@ if test "x${ac_enable_telemetry}" = xyes; then
AC_SUBST(CAIRO_LIBS) AC_SUBST(CAIRO_LIBS)
fi fi
dnl add safety rails for fuzzing
AC_ARG_ENABLE(mem-constraint,
AS_HELP_STRING([--enable-mem-constraint], [Abort if size exceeds 16384x16384 (for fuzzing only)]),
[ ac_enable_mem_constraint=$enableval ], [ ac_enable_mem_constraint=no] )
if test "x${ac_enable_mem_constraint}" = xyes; then
AC_DEFINE([HAVE_MEMORY_CONSTRAINT], [], [Abort if size exceeds 16384x16384 (for fuzzing only)])
fi
dnl -------------------------------------------------- dnl --------------------------------------------------
dnl Overall build configuration options dnl Overall build configuration options
dnl -------------------------------------------------- dnl --------------------------------------------------
...@@ -623,6 +632,7 @@ AC_MSG_RESULT([ ...@@ -623,6 +632,7 @@ AC_MSG_RESULT([
Encoding support: ........... ${ac_enable_encode} Encoding support: ........... ${ac_enable_encode}
Assembly optimization: ...... ${cpu_optimization} Assembly optimization: ...... ${cpu_optimization}
Debugging telemetry: ........ ${ac_enable_telemetry} Debugging telemetry: ........ ${ac_enable_telemetry}
Abort on huge files: ........ ${ac_enable_mem_constraint}
Build example code: ......... ${ac_enable_examples} Build example code: ......... ${ac_enable_examples}
API Documentation: .......... ${doc_build} API Documentation: .......... ${doc_build}
Format Documentation: ....... ${spec_build} Format Documentation: ....... ${spec_build}
......
lib/decinfo.c
+ 10
0
View file @ 4933e44e
...@@ -20,6 +20,11 @@ ...@@ -20,6 +20,11 @@
#include <limits.h> #include <limits.h>
#include "decint.h" #include "decint.h"
/*Only used for fuzzing.*/
#if defined(HAVE_MEMORY_CONSTRAINT)
static const int MAX_FUZZING_WIDTH = 16384;
static const int MAX_FUZZING_HEIGHT = 16384;
#endif
/*Unpacks a series of octets from a given byte array into the pack buffer. /*Unpacks a series of octets from a given byte array into the pack buffer.
...@@ -82,6 +87,11 @@ static int oc_info_unpack(oc_pack_buf *_opb,th_info *_info){ ...@@ -82,6 +87,11 @@ static int oc_info_unpack(oc_pack_buf *_opb,th_info *_info){
_info->fps_numerator==0||_info->fps_denominator==0){ _info->fps_numerator==0||_info->fps_denominator==0){
return TH_EBADHEADER; return TH_EBADHEADER;
} }
#if defined(HAVE_MEMORY_CONSTRAINT)
if(_info->frame_width>=MAX_FUZZING_WIDTH&&_info->frame_height>=MAX_FUZZING_HEIGHT){
return TH_EBADHEADER;
}
#endif
/*Note: The sense of pic_y is inverted in what we pass back to the /*Note: The sense of pic_y is inverted in what we pass back to the
application compared to how it is stored in the bitstream. application compared to how it is stored in the bitstream.
This is because the bitstream uses a right-handed coordinate system, while This is because the bitstream uses a right-handed coordinate system, while
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment