Prevent huge memory allocations from fuzzed header fields

[wimlib] / src / metadata_resource.c

diff --git a/src/metadata_resource.c b/src/metadata_resource.c
index 19975e2e368921466aa9cd9eb9b648ad3f504850..e114ed28ce8f4c43ba002fc25c759e0b8c3dfefa 100644 (file)
--- a/src/metadata_resource.c
+++ b/src/metadata_resource.c
@@ -3,7 +3,7 @@
  */
 
 /*
- * Copyright (C) 2012, 2013 Eric Biggers
+ * Copyright 2012-2023 Eric Biggers
  *
  * This file is free software; you can redistribute it and/or modify it under
  * the terms of the GNU Lesser General Public License as published by the Free
@@ -79,6 +79,18 @@ read_metadata_resource(struct wim_image_metadata *imd)
 
        metadata_blob = imd->metadata_blob;
 
+       /*
+        * Prevent huge memory allocations when processing fuzzed files.  The
+        * case of metadata resources is tough, since a metadata resource can
+        * legitimately decompress to many times the size of the WIM file
+        * itself, e.g. in the case of an image containing many empty files with
+        * similar long filenames.  Arbitrarily choose 512x as a generous limit.
+        */
+       if (metadata_blob->blob_location == BLOB_IN_WIM &&
+           metadata_blob->rdesc->wim->file_size > 0 &&
+           metadata_blob->size / 512 > metadata_blob->rdesc->wim->file_size)
+               return WIMLIB_ERR_INVALID_METADATA_RESOURCE;
+
        /* Read the metadata resource into memory.  (It may be compressed.)  */
        ret = read_blob_into_alloc_buf(metadata_blob, &buf);
        if (ret)