RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 04:47:34 +00:00
Code Issues Activity Actions

WebP/Lossy: Validate show_frame and version when reading header

Browse source
This commit is contained in:
Nico Weber 2023-05-24 08:22:28 -04:00 committed by Andreas Kling
parent 5934c4ebfb
commit 703bd4c8a3
1 changed files with 5 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Userland/Libraries/LibGfx/ImageFormats/WebPLoaderLossy.cpp
View file

@ -43,7 +43,11 @@ ErrorOr<VP8Header> decode_webp_chunk_VP8_header(ReadonlyBytes vp8_data)
if (!is_key_frame)
return Error::from_string_literal("WebPImageDecoderPlugin: 'VP8 ' chunk not a key frame");
// FIXME: !show_frame does not make sense in a webp file either, probably?
if (!show_frame)
return Error::from_string_literal("WebPImageDecoderPlugin: 'VP8 ' chunk has invalid visibility for webp image");
if (version > 3)
return Error::from_string_literal("WebPImageDecoderPlugin: unknown version number in 'VP8 ' chunk");
u32 start_code = data[3] | (data[4] << 8) | (data[5] << 16);
if (start_code != 0x2a019d) // https://www.rfc-editor.org/errata/eid7370