RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 00:47:45 +00:00
Code Issues Activity Actions

LibGfx: Reject GIFs with ridiculously large symbols

Browse source 
This also prevents exploitation by malicious GIFs.
Found by OSS Fuzz, long-standing issue
(since 259f8541fc)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29034
This commit is contained in:
Ben Wiederhake 2021-05-30 20:03:32 +02:00 committed by Andreas Kling
parent 39c09cec88
commit 7224308358
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Userland/Libraries/LibGfx/GIFLoader.cpp
View file

@ -335,6 +335,9 @@ static bool decode_frame(GIFLoadingContext& context, size_t frame_index)
copy_frame_buffer(*context.frame_buffer, *context.prev_frame_buffer); copy_frame_buffer(*context.frame_buffer, *context.prev_frame_buffer);
} }
if (image.lzw_min_code_size > 8)
return false;
LZWDecoder decoder(image.lzw_encoded_bytes, image.lzw_min_code_size); LZWDecoder decoder(image.lzw_encoded_bytes, image.lzw_min_code_size);
// Add GIF-specific control codes // Add GIF-specific control codes