From 58337e564f1db3f8443bc3ff2a70c2a23878bf09 Mon Sep 17 00:00:00 2001
From: DzBkdr
Date: Thu, 19 Mar 2026 01:43:18 +0100
Subject: [PATCH] vp8l: fix integer overflow in pEnd calculation
---
 vp8l/decode.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/vp8l/decode.go b/vp8l/decode.go
index 43194870..40dd1d7d 100644
--- a/vp8l/decode.go
+++ b/vp8l/decode.go
@@ -438,7 +438,12 @@ func (d *decoder) decodePix(w int32, h int32, minCap int32, topLevel bool) ([]by
 return nil, err
 }
 dist := distanceMap(w, distCode)
- pEnd := p + 4*int(length)
+ // Ensure length is not so large that 4*length overflows an int.
+ if int64(length) > math.MaxInt32 {
+ return errInvalidString
+ }
+ pEnd := p + 4*int(length)
+
 q := p - 4*int(dist)
 qEnd := pEnd - 4*int(dist)
 if p < 0 || len(pix) < pEnd || q < 0 || len(pix) < qEnd {
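Review bot: The added `return errInvalidString` returns one value from a function whose context line above is `return nil, err`, so it should read `return nil, <error>`; in addition, neither `errInvalidString` nor a `math` import is introduced by this single-hunk patch, so both must already exist in decode.go for the change to build. The guard also does not deliver what its comment promises where `int` is 32 bits: a `length` just under `math.MaxInt32` still makes `4*int(length)` wrap, and a wrapped (negative) `pEnd` can pass the `len(pix) < pEnd` test that follows. Where `int` is 64 bits and `length` is a 32-bit value (its declaration is outside the hunk), the existing bounds check already rejects such lengths, so the new branch adds nothing there. Doing the comparison in 64-bit arithmetic before the multiply covers both cases, for example `if int64(p)+4*int64(length) > int64(len(pix)) {`, returning `nil` together with the same error the following bounds check uses. The rest of decodePix lies outside the hunk, so the copy loop that consumes `pEnd` and `qEnd` should be re-read with this in mind.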