1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 18:57:45 +00:00

ImageViewer: Sandbox image decoding using the ImageDecoder service :^)

Instead of parsing untrusted and potentially malicious image files in
the ImageViewer GUI process, take advantage of the ImageDecoder service
that we already have on the system to sandbox the decode.

This prevents bugs in our image decoding libraries from being used as
an exploitation vector when viewing files in ImageViewer.
This commit is contained in:
Andreas Kling 2021-05-14 19:54:31 +02:00
parent fa0e23009a
commit 212e1ba0d4
3 changed files with 26 additions and 17 deletions

View file

@ -9,9 +9,8 @@
#include <LibCore/Timer.h>
#include <LibGUI/Frame.h>
#include <LibGfx/Bitmap.h>
#include <LibGfx/ImageDecoder.h>
#include <LibGfx/Point.h>
#include <LibImageDecoderClient/Client.h>
namespace ImageViewer {
@ -65,8 +64,8 @@ private:
String m_path;
RefPtr<Gfx::Bitmap> m_bitmap;
Gfx::IntRect m_bitmap_rect;
Optional<ImageDecoderClient::DecodedImage> m_decoded_image;
RefPtr<Gfx::ImageDecoder> m_image_decoder;
size_t m_current_frame_index { 0 };
size_t m_loops_completed { 0 };
NonnullRefPtr<Core::Timer> m_timer;