From dd81bea9ef6aeb28127b0cfdb957df7458042b17 Mon Sep 17 00:00:00 2001
From: Tim Ledbetter
Date: Mon, 2 Oct 2023 17:41:18 +0100
Subject: [PATCH] LibGfx: Don't read past EOF in JPEGLoader

Previously, it was possible to pass JPEGLoader a crafted input which would read past the end of the stream. We now return an error in such cases.
---
 Userland/Libraries/LibGfx/ImageFormats/JPEGLoader.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Userland/Libraries/LibGfx/ImageFormats/JPEGLoader.cpp b/Userland/Libraries/LibGfx/ImageFormats/JPEGLoader.cpp
index e96c437c55..7df203417c 100644
--- a/Userland/Libraries/LibGfx/ImageFormats/JPEGLoader.cpp
+++ b/Userland/Libraries/LibGfx/ImageFormats/JPEGLoader.cpp
@@ -230,6 +230,9 @@ private:
 VERIFY(m_byte_offset == m_current_size);
 m_current_size = TRY(m_stream->read_some(m_buffer.span())).size();
+ if (m_current_size == 0)
+ return Error::from_string_literal("Unexpected end of file");
+
 m_byte_offset = 0;
 return {};
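Review bot: The new early return leaves the reader's two cursors inconsistent, because `m_current_size` has already been overwritten with 0 while `m_byte_offset` still holds the previous buffer length. If anything touches this object after the error (the callers are outside the hunk, so this is unconfirmed), the `VERIFY(m_byte_offset == m_current_size)` at the top would abort on the same crafted input, or a bounds comparison against `m_current_size` could be made with a stale offset. Moving `m_byte_offset = 0;` above the `if (m_current_size == 0)` check keeps the invariant on both paths. The enclosing function begins and ends outside the hunk, and the patch touches only this file, so a regression test with a truncated JPEG would be worth adding alongside it.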