RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-26 05:47:34 +00:00
Code Issues Activity Actions

LibGfx: Make all image decoders reject image sizes above 16384 pixels

Browse source 
Let's just say no to shenanigans by capping images at 16384 pixels both
wide and tall. If a day comes in the future where we need to handle
images larger than this, we can deal with it then.
This commit is contained in:
Andreas Kling 2020-12-25 00:19:06 +01:00
parent a5f4cb78cf
commit edf01803cd
7 changed files with 38 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

21
Libraries/LibGfx/PortableImageLoaderCommon.h
View file

@ -1,5 +1,6 @@
/*
* Copyright (c) 2020, the SerenityOS developers, Hüseyin ASLITÜRK <asliturk@hotmail.com>
* Copyright (c) 2020, Hüseyin Aslıtürk <asliturk@hotmail.com>
* Copyright (c) 2020, the SerenityOS developers
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -26,7 +27,6 @@
#pragma once
#include "Streamer.h"
#include <AK/Array.h>
#include <AK/Endian.h>
#include <AK/LexicalPath.h>
@ -36,6 +36,10 @@
#include <AK/StringBuilder.h>
#include <AK/Types.h>
#include <AK/Vector.h>
#include <LibGfx/Bitmap.h>
#include <LibGfx/Color.h>
#include <LibGfx/ImageDecoder.h>
#include <LibGfx/Streamer.h>
//#define PORTABLE_IMAGE_LOADER_DEBUG
@ -216,8 +220,8 @@ template<typename TContext>
static void set_adjusted_pixels(TContext& context, const AK::Vector<Gfx::Color>& color_data)
{
size_t index = 0;
for (int y = 0; y < context.height; ++y) {
for (int x = 0; x < context.width; ++x) {
for (size_t y = 0; y < context.height; ++y) {
for (size_t x = 0; x < context.width; ++x) {
Color color = color_data.at(index);
if (context.max_val < 255) {
color = adjust_color(context.max_val, color);
@ -232,8 +236,8 @@ template<typename TContext>
static void set_pixels(TContext& context, const AK::Vector<Gfx::Color>& color_data)
{
size_t index = 0;
for (int y = 0; y < context.height; ++y) {
for (int x = 0; x < context.width; ++x) {
for (size_t y = 0; y < context.height; ++y) {
for (size_t x = 0; x < context.width; ++x) {
context.bitmap->set_pixel(x, y, color_data.at(index));
index++;
}
@ -267,6 +271,11 @@ static bool decode(TContext& context)
if (!read_height(context, streamer))
return false;
if (context.width > maximum_width_for_decoded_images || context.height > maximum_height_for_decoded_images) {
dbgln("This portable network image is too large for comfort: {}x{}", context.width, context.height);
return false;
}
if (!read_white_space(context, streamer))
return false;