From cb0966858dd1877b87c457f79e1365e697fccc19 Mon Sep 17 00:00:00 2001
From: Richard Hughes
Date: Fri, 8 Jul 2022 15:17:25 +0100
Subject: [PATCH] Fix fuzzing timeout in the new IFW CPD parsing

Limit the number of images to an order of magnitide more than we've ever seen.

Fixes https://oss-fuzz.com/testcase-detail/4842982326534144
---
 libfwupdplugin/fu-ifwi-cpd-firmware.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/libfwupdplugin/fu-ifwi-cpd-firmware.c b/libfwupdplugin/fu-ifwi-cpd-firmware.c
index e95fa88d9..344135d34 100644
--- a/libfwupdplugin/fu-ifwi-cpd-firmware.c
+++ b/libfwupdplugin/fu-ifwi-cpd-firmware.c
@@ -38,6 +38,7 @@ G_DEFINE_TYPE_WITH_PRIVATE(FuIfwiCpdFirmware, fu_ifwi_cpd_firmware, FU_TYPE_FIRM
 #define GET_PRIVATE(o) (fu_ifwi_cpd_firmware_get_instance_private(o))
 
 #define FU_IFWI_CPD_FIRMWARE_HEADER_MARKER 0x44504324
+#define FU_IFWI_CPD_FIRMWARE_ENTRIES_MAX 1024
 
 typedef struct __attribute__((packed)) {
 	guint32 header_marker;
@@ -258,6 +259,15 @@ fu_ifwi_cpd_firmware_parse(FuFirmware *firmware,
 				    G_LITTLE_ENDIAN,
 				    error))
 		return FALSE;
+	if (num_of_entries > FU_IFWI_CPD_FIRMWARE_ENTRIES_MAX) {
+		g_set_error(error,
+			    G_IO_ERROR,
+			    G_IO_ERROR_INVALID_DATA,
+			    "too many entries 0x%x, expected <= 0x%x",
+			    num_of_entries,
+			    (guint)FU_IFWI_CPD_FIRMWARE_ENTRIES_MAX);
+		return FALSE;
+	}
 	offset += header_length;
 	for (guint32 i = 0; i < num_of_entries; i++) {
 		gchar name[12] = {0x0};
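Review bot: The limit used by the new `num_of_entries` guard in the second hunk is a bare constant whose rationale lives only in the commit message; the `#define FU_IFWI_CPD_FIRMWARE_ENTRIES_MAX 1024` added in the first hunk should carry it, e.g. `/* fuzzing guard: an order of magnitude more entries than any real CPD image seen, not a format constraint */`, so a maintainer who later raises it understands it bounds parser work on untrusted input rather than encoding the format. The guard itself is placed correctly, after the header count is read and before `offset += header_length` and the per-entry loop, and the `(guint)` cast keeps both `%x` arguments the same type. If the entry records have a fixed on-disk size, a tighter check that the whole entry table fits in the bytes remaining in the blob would reject oversized counts more precisely and also catch truncated images earlier, though the reads inside the loop are presumably already bounds-checked, so that is optional. fu_ifwi_cpd_firmware_parse begins and ends outside the hunk.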