AK: Reject BitStream reads beyond EOF by default

The only exception to this is the lossless WebP decoder, which legitimately relies on this behavior, even upstream.
Author: https://github.com/timschumi Commit: https://github.com/SerenityOS/serenity/commit/197331c922 Pull-request: https://github.com/SerenityOS/serenity/pull/21890 Issue: https://github.com/SerenityOS/serenity/issues/21869 Reviewed-by: https://github.com/IdanHo Reviewed-by: https://github.com/LucasChollet Reviewed-by: https://github.com/trflynn89
2025-04-20 19:45:12 +00:00 · 2023-11-11 13:57:48 +01:00 · 2023-11-11 13:57:48 +01:00 · 197331c922 · 2024-07-17 11:29:41 +09:00
commit 197331c922
parent cb03d3d78f
2 changed files with 3 additions and 3 deletions
--- a/AK/BitStream.h
+++ b/AK/BitStream.h
@ -156,7 +156,7 @@ public:
        FillWithZero,
    };

-    explicit LittleEndianInputBitStream(MaybeOwned<Stream> stream, UnsatisfiableReadBehavior unsatisfiable_read_behavior = UnsatisfiableReadBehavior::FillWithZero)
+    explicit LittleEndianInputBitStream(MaybeOwned<Stream> stream, UnsatisfiableReadBehavior unsatisfiable_read_behavior = UnsatisfiableReadBehavior::Reject)
        : LittleEndianBitStream(move(stream))
        , m_unsatisfiable_read_behavior(unsatisfiable_read_behavior)
    {
--- a/Userland/Libraries/LibGfx/ImageFormats/WebPLoaderLossless.cpp
+++ b/Userland/Libraries/LibGfx/ImageFormats/WebPLoaderLossless.cpp
@ -26,7 +26,7 @@ ErrorOr<VP8LHeader> decode_webp_chunk_VP8L_header(ReadonlyBytes vp8l_data)
        return Error::from_string_literal("WebPImageDecoderPlugin: VP8L chunk too small");

    FixedMemoryStream memory_stream { vp8l_data.trim(5) };
-    LittleEndianInputBitStream bit_stream { MaybeOwned<Stream>(memory_stream) };
+    LittleEndianInputBitStream bit_stream { MaybeOwned<Stream>(memory_stream), LittleEndianInputBitStream::UnsatisfiableReadBehavior::FillWithZero };

    u8 signature = TRY(bit_stream.read_bits(8));
    if (signature != 0x2f)
@ -931,7 +931,7 @@ ErrorOr<NonnullRefPtr<Bitmap>> ColorIndexingTransform::transform(NonnullRefPtr<B
 ErrorOr<NonnullRefPtr<Bitmap>> decode_webp_chunk_VP8L_contents(VP8LHeader const& vp8l_header)
 {
    FixedMemoryStream memory_stream { vp8l_header.lossless_data };
-    LittleEndianInputBitStream bit_stream { MaybeOwned<Stream>(memory_stream) };
+    LittleEndianInputBitStream bit_stream { MaybeOwned<Stream>(memory_stream), LittleEndianInputBitStream::UnsatisfiableReadBehavior::FillWithZero };

    // image-stream = optional-transform spatially-coded-image