mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-09-03 08:08:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibGfx: Reject GIFs with ridiculously large symbols

Browse source 
This also prevents exploitation by malicious GIFs.
Found by OSS Fuzz, long-standing issue
(since 259f8541fc)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29034
This commit is contained in:
Ben Wiederhake 2021-05-30 20:03:32 +02:00 committed by Andreas Kling
commit 7224308358
Notes: sideshowbarker 2024-07-18 04:47:06 +09:00
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Userland/Libraries/LibGfx/GIFLoader.cpp
View file

@ -335,6 +335,9 @@ static bool decode_frame(GIFLoadingContext& context, size_t frame_index)
copy_frame_buffer(*context.frame_buffer, *context.prev_frame_buffer);
}
if (image.lzw_min_code_size > 8)
return false;
LZWDecoder decoder(image.lzw_encoded_bytes, image.lzw_min_code_size);
// Add GIF-specific control codes