Prevent crafted DOS attack.

3 years ago · ef5fe795d0
2 changed files with 12 additions and 1 deletions
--- a/src/ImageSharp/Formats/Pbm/BufferedReadStreamExtensions.cs
+++ b/src/ImageSharp/Formats/Pbm/BufferedReadStreamExtensions.cs
@ -28,7 +28,7 @@ internal static class BufferedReadStreamExtensions
                {
                    innerValue = stream.ReadByte();
                }
-                while (innerValue != 0x0a);
+                while (innerValue is not 0x0a and not -0x1);

                // Continue searching for whitespace.
                val = innerValue;
--- a/tests/ImageSharp.Tests/Formats/Pbm/PbmMetadataTests.cs
+++ b/tests/ImageSharp.Tests/Formats/Pbm/PbmMetadataTests.cs
@ -1,6 +1,7 @@
 // Copyright (c) Six Labors.
 // Licensed under the Six Labors Split License.

+using SixLabors.ImageSharp.Formats;
 using SixLabors.ImageSharp.Formats.Pbm;
 using static SixLabors.ImageSharp.Tests.TestImages.Pbm;

@ -80,4 +81,14 @@ public class PbmMetadataTests
        Assert.NotNull(bitmapMetadata);
        Assert.Equal(expectedComponentType, bitmapMetadata.ComponentType);
    }
+
+    [Fact]
+    public void Identify_HandlesCraftedDenialOfServiceString()
+    {
+        byte[] bytes = Convert.FromBase64String("UDEjWAAACQAAAAA=");
+        ImageInfo info = Image.Identify(bytes);
+        Assert.Equal(default, info.Size);
+        Configuration.Default.ImageFormatsManager.TryFindFormatByFileExtension("pbm", out IImageFormat format);
+        Assert.Equal(format!, info.Metadata.DecodedImageFormat);
+    }
 }