MM-52720: use an io.LimitedReader in gif frame counting (#23372) (#23711
)

Automatic Merge
agnivade committed Jun 12, 2023
1 parent 54d93a8 commit 57b3dc0
Showing 3 changed files with 16 additions and 6 deletions.
Binary file added tests/large_lzw_frame.gif
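--- a/utils/imgutils/gif.go
+++ b/utils/imgutils/gif.go
@@ -366,7 +366,7 @@ func (d *decoder) readGraphicControl() error {
 }
 
 func (d *decoder) readImageDescriptor() error {
-err := d.checkImageFromDescriptor()
+w, h, err := d.readImageDimensionsFromDescriptor()
 if err != nil {
 return err
 }
@@ -390,7 +390,7 @@ func (d *decoder) readImageDescriptor() error {
 lzwr := lzw.NewReader(br, lzw.LSB, int(litWidth))
 defer lzwr.Close()
 
-if _, err := io.Copy(io.Discard, lzwr); err != nil {
+if _, err := io.Copy(io.Discard, io.LimitReader(lzwr, int64(w*h))); err != nil {
 if err != io.ErrUnexpectedEOF {
 return fmt.Errorf("gif: reading image data: %v", err)
 }
@@ -428,9 +428,9 @@ func (d *decoder) readImageDescriptor() error {
 return nil
 }
 
-func (d *decoder) checkImageFromDescriptor() error {
+func (d *decoder) readImageDimensionsFromDescriptor() (int, int, error) {
 if err := readFull(d.r, d.tmp[:9]); err != nil {
-return fmt.Errorf("gif: can't read image descriptor: %s", err)
+return 0, 0, fmt.Errorf("gif: can't read image descriptor: %s", err)
 }
 left := int(d.tmp[0]) + int(d.tmp[1])<<8
 top := int(d.tmp[2]) + int(d.tmp[3])<<8
@@ -455,10 +455,10 @@ func (d *decoder) checkImageFromDescriptor() error {
 // imageBounds.Max (d.width, d.height) and not frameBounds.Min (left, top)
 // against imageBounds.Min (0, 0).
 if left+width > d.width || top+height > d.height {
-return errors.New("gif: frame bounds larger than image bounds")
+return 0, 0, errors.New("gif: frame bounds larger than image bounds")
 }
 
-return nil
+return width, height, nil
 }
 
 func (d *decoder) readBlock() (int, error) {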
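Review bot: In readImageDescriptor the limit is computed as `int64(w*h)`, which multiplies in `int` before widening, so on a 32-bit build a large frame could wrap to a negative limit that io.LimitReader treats as already exhausted; converting first avoids that: `io.LimitReader(lzwr, int64(w)*int64(h))`. The width and height parsing sits between the visible hunks, so their 16-bit range is inferred from how `left` and `top` are read. The cap is also per frame, so a file with many maximum-size frames still costs proportional decompression work; whether frame count or total pixels is bounded elsewhere cannot be seen from here. A short comment above the copy, such as `// a frame never decodes to more than w*h bytes; stop decompressing there`, would record why the limit exists.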
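--- a/utils/imgutils/gif_test.go
+++ b/utils/imgutils/gif_test.go
@@ -86,4 +86,14 @@ func TestCountGIFFrames(t *testing.T) {
 
 assert.Error(t, err)
 })
+
+t.Run("should return an error for excessively large compressed data", func(t *testing.T) {
+b, err := readTestFile(t, "large_lzw_frame.gif")
+require.NoError(t, err)
+
+_, err = CountGIFFrames(bytes.NewReader(b))
+
+assert.Error(t, err)
+assert.Equal(t, errTooMuch, err)
+})
 }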
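Review bot: The new subtest checks the same error twice: `assert.Error` is implied by the equality check after it, and `assert.ErrorIs(t, err, errTooMuch)` would keep passing if CountGIFFrames later wraps the sentinel. The fixture tests/large_lzw_frame.gif is an opaque binary, so a one-line comment on the subtest stating what it contains (declared frame dimensions versus decoded LZW size) would let a later reader audit or regenerate it. A companion case whose decoded data is exactly the declared frame size would pin the boundary, so the new limit is shown not to reject valid files. TestCountGIFFrames begins outside this hunk.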
