RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 12:47:45 +00:00
Code Issues Activity Actions

LibGUI: Make clipboard bitmap parsing more robust

Browse source 
In particular, malicious programs used to be able to set arbitrary
values as "format", which could cause UB (most likely a crash).

Furthermore, we do not transmit palette data, so an application sending
an indexed bitmap cannot possibly expect the other side to receive a
useful image. Therefore, we refuse to build a bitmap.
This commit is contained in:
Ben Wiederhake 2021-11-20 16:17:06 +01:00 committed by Linus Groh
parent d6c686e8bf
commit 768915bbcd
1 changed files with 9 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

10
Userland/Libraries/LibGUI/Clipboard.cpp
View file

@ -89,9 +89,17 @@ RefPtr<Gfx::Bitmap> Clipboard::DataAndType::as_bitmap() const
if (!format.has_value() || format.value() == 0)
return nullptr;
if (!Gfx::is_valid_bitmap_format(format.value()))
return nullptr;
auto bitmap_format = (Gfx::BitmapFormat)format.value();
// We cannot handle indexed bitmaps, as the palette would be lost.
// Thankfully, everything that copies bitmaps also transforms them to RGB beforehand.
if (Gfx::determine_storage_format(bitmap_format) == Gfx::StorageFormat::Indexed8)
return nullptr;
// We won't actually write to the clipping_bitmap, so casting away the const is okay.
auto clipping_data = const_cast<u8*>(data.data());
auto clipping_bitmap_or_error = Gfx::Bitmap::try_create_wrapper((Gfx::BitmapFormat)format.value(), { (int)width.value(), (int)height.value() }, scale.value(), pitch.value(), clipping_data);
auto clipping_bitmap_or_error = Gfx::Bitmap::try_create_wrapper(bitmap_format, { (int)width.value(), (int)height.value() }, scale.value(), pitch.value(), clipping_data);
if (clipping_bitmap_or_error.is_error())
return nullptr;
auto clipping_bitmap = clipping_bitmap_or_error.release_value_but_fixme_should_propagate_errors();