1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 04:57:44 +00:00

LibGfx+icc: Verify ICCProfile ID at parse time instead of in icc

Always computing computing the md5 takes some time, but most
icc profiles are small. So that's probably fine.

If this ends up being a perf problem in the future, or if it ends up
rejecting tons of embedded proiles from images, we can row it back.
But let's see if we can get away with this first.
This commit is contained in:
Nico Weber 2023-01-06 13:46:18 -05:00 committed by Linus Groh
parent 31af741c66
commit c00ce2fba0
2 changed files with 9 additions and 12 deletions

View file

@ -244,18 +244,20 @@ bool all_bytes_are_zero(const u8 (&bytes)[N])
return true;
}
Optional<Crypto::Hash::MD5::DigestType> parse_profile_id(ICCHeader const& header)
ErrorOr<Optional<Crypto::Hash::MD5::DigestType>> parse_profile_id(ICCHeader const& header, ReadonlyBytes icc_bytes)
{
// ICC v4, 7.2.18 Profile ID field
// "A profile ID field value of zero (00h) shall indicate that a profile ID has not been calculated."
if (all_bytes_are_zero(header.profile_id))
return {};
return Optional<Crypto::Hash::MD5::DigestType> {};
Crypto::Hash::MD5::DigestType id;
static_assert(sizeof(id.data) == sizeof(header.profile_id));
memcpy(id.data, header.profile_id, sizeof(id.data));
// FIXME: Consider comparing read id with compute_id() result and failing if they aren't equal.
auto computed_id = Profile::compute_id(icc_bytes);
if (id != computed_id)
return Error::from_string_literal("ICC::Profile: Invalid profile id");
return id;
}
@ -399,7 +401,7 @@ ErrorOr<NonnullRefPtr<Profile>> Profile::try_load_from_externally_owned_memory(R
profile->m_flags = Flags { header.profile_flags };
profile->m_rendering_intent = TRY(parse_rendering_intent(header));
profile->m_pcs_illuminant = TRY(parse_pcs_illuminant(header));
profile->m_id = parse_profile_id(header);
profile->m_id = TRY(parse_profile_id(header, bytes));
TRY(parse_reserved(header));
return profile;