Overview

File libwebp-CVE-2018-25013.patch of Package libwebp.29258

From 907208f97ead639bd521cf355a2f203f462eade6 Mon Sep 17 00:00:00 2001
From: Vincent Rabaud <vrabaud@google.com>
Date: Fri, 20 Jul 2018 16:27:30 -0700
Subject: [PATCH] Wait for all threads to be done in DecodeRemaining.

This could lead to a race condition.

BUG=oss-fuzz:9417

Change-Id: Ifef4001115888541cb76095e1c0226487d497b78

Backported by Mike Gorse <mgorse@suse.com>
---
 src/dec/idec_dec.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff -urp libwebp-0.5.0.orig/src/dec/idec.c libwebp-0.5.0/src/dec/idec.c
--- libwebp-0.5.0.orig/src/dec/idec.c	2021-05-13 07:54:07.175498211 -0500
+++ libwebp-0.5.0/src/dec/idec.c	2021-05-13 09:57:06.230795857 -0500
@@ -463,6 +463,12 @@ static VP8StatusCode DecodeRemaining(Web
         if (dec->num_parts_ == 1 && MemDataSize(&idec->mem_) > MAX_MB_SIZE) {
           return IDecError(idec, VP8_STATUS_BITSTREAM_ERROR);
         }
+        // Synchronize the threads.
+        if (dec->mt_method_ > 0) {
+          if (!WebPGetWorkerInterface()->Sync(&dec->worker_)) {
+            return IDecError(idec, VP8_STATUS_BITSTREAM_ERROR);
+          }
+        }
         RestoreContext(&context, dec, token_br);
         return VP8_STATUS_SUSPENDED;
       }
openSUSE Build Service is sponsored by
Places