RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 15:57:35 +00:00
Code Issues Activity Actions

LibGfx/PortableFormat: Reject images with a maximum value of 0

Browse source 
These images can't contain any meaningful information, so no need to try
to decode them. Doing so result in a `SIGFPE`, as we divide by this
value later on.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57434&sort=-opened&can=1&q=proj%3Aserenity
This commit is contained in:
Lucas CHOLLET 2023-06-06 15:21:01 -04:00 committed by Jelle Raaijmakers
parent 800a0092ca
commit b78622ddf7
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Userland/Libraries/LibGfx/ImageFormats/PortableImageLoaderCommon.h
View file

@ -153,6 +153,11 @@ static ErrorOr<void> read_max_val(TContext& context)
{
context.format_details.max_val = TRY(read_number(*context.stream));
if (context.format_details.max_val == 0) {
context.state = TContext::State::Error;
return Error::from_string_literal("The image has a maximum value of 0");
}
if (context.format_details.max_val > 255) {
dbgln_if(PORTABLE_IMAGE_LOADER_DEBUG, "We can't parse 2 byte color for {}", TContext::FormatDetails::image_type);
context.state = TContext::State::Error;