From 03fcc6cad20d09a2c67d1b1fbd57a2c76527cc98 Mon Sep 17 00:00:00 2001
From: Mohamed Ali Chebbi
Date: Mon, 13 Feb 2023 12:13:12 +0100
Subject: [PATCH] fuzz issue : check that block is not corrupted before decoding

---
 src/asfvideo.cpp | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/asfvideo.cpp b/src/asfvideo.cpp
index 21e7e8f2..71f8cdc6 100644
--- a/src/asfvideo.cpp
+++ b/src/asfvideo.cpp
@@ -252,9 +252,10 @@ AsfVideo::HeaderReader::HeaderReader(BasicIo::UniquePtr& io) : IdBuf_(GUID) {
 }
 
 void AsfVideo::decodeBlock() {
-  Internal::enforce(GUID + io_->tell() < io_->size(), Exiv2::ErrorCode::kerCorruptedMetadata);
-  HeaderReader others(io_);
-  auto tag = GUIDReferenceTags.find(GUIDTag(others.getId().data()));
+  Internal::enforce(GUID + QWORD + io_->tell() <= io_->size(), Exiv2::ErrorCode::kerCorruptedMetadata);
+  HeaderReader objectHeader(io_);
+  Internal::enforce(objectHeader.getSize() + io_->tell() <= io_->size(), Exiv2::ErrorCode::kerCorruptedMetadata);
+  auto tag = GUIDReferenceTags.find(GUIDTag(objectHeader.getId().data()));
 
   if (tag != GUIDReferenceTags.end()) {
     if (tag->second == "Header")
@@ -277,11 +278,12 @@ void AsfVideo::decodeBlock() {
       DegradableJPEGMedia();
     else  // tag found but not processed
     {
-      io_->seekOrThrow(io_->tell() + others.getRemainingSize(), BasicIo::beg, ErrorCode::kerFailedToReadImageData);
+      io_->seekOrThrow(io_->tell() + objectHeader.getRemainingSize(), BasicIo::beg,
+                       ErrorCode::kerFailedToReadImageData);
     }
 
   } else  // tag not found
   {
-    io_->seekOrThrow(io_->tell() + others.getRemainingSize(), BasicIo::beg, ErrorCode::kerFailedToReadImageData);
+    io_->seekOrThrow(io_->tell() + objectHeader.getRemainingSize(), BasicIo::beg, ErrorCode::kerFailedToReadImageData);
   }
 }  // AsfVideo::decodeBlock
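Review bot: The new bound `objectHeader.getSize() + io_->tell() <= io_->size()` on the second added enforce line in the first hunk can still pass for a corrupt size if the addition wraps, because `getSize()` is presumably the 64-bit value just read from the file and adding it to the current offset may overflow before the comparison is made; the subtraction form cannot wrap since the first enforce already guarantees `io_->tell() <= io_->size()`: `Internal::enforce(objectHeader.getSize() <= io_->size() - io_->tell(), Exiv2::ErrorCode::kerCorruptedMetadata);`. It is also not visible here whether the size field counts the GUID and QWORD header bytes that `HeaderReader` has already consumed from `io_`, in which case `getRemainingSize()` would be the quantity to bound against what is left, matching the seeks in the second hunk that use `getRemainingSize()`; worth confirming against HeaderReader. The body of decodeBlock continues past the end of this hunk.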