From f820b0b965716de398974a23a02ac95616580522 Mon Sep 17 00:00:00 2001 From: Brian Popow Date: Sun, 27 Mar 2022 15:21:30 +0200 Subject: [PATCH] ParseOptional chunks now checks, if enough data is read --- .../Formats/Webp/WebpDecoderCore.cs | 29 ++++++++++++++++--- .../Formats/Webp/WebpThrowHelper.cs | 7 +++++ 2 files changed, 32 insertions(+), 4 deletions(-) diff --git a/src/ImageSharp/Formats/Webp/WebpDecoderCore.cs b/src/ImageSharp/Formats/Webp/WebpDecoderCore.cs index 9d18e5d821..412ec2760a 100644 --- a/src/ImageSharp/Formats/Webp/WebpDecoderCore.cs +++ b/src/ImageSharp/Formats/Webp/WebpDecoderCore.cs @@ -426,6 +426,7 @@ namespace SixLabors.ImageSharp.Formats.Webp /// The webp image features. private void ParseOptionalExtendedChunks(WebpChunkType chunkType, WebpFeatures features) { + int bytesRead; switch (chunkType) { case WebpChunkType.Iccp: @@ -437,7 +438,12 @@ namespace SixLabors.ImageSharp.Formats.Webp else { byte[] iccpData = new byte[iccpChunkSize]; - this.currentStream.Read(iccpData, 0, (int)iccpChunkSize); + bytesRead = this.currentStream.Read(iccpData, 0, (int)iccpChunkSize); + if (bytesRead != iccpChunkSize) + { + WebpThrowHelper.ThrowInvalidImageContentException("Not enough data to read the iccp chunk"); + } + var profile = new IccProfile(iccpData); if (profile.CheckIsValid()) { @@ -456,7 +462,12 @@ namespace SixLabors.ImageSharp.Formats.Webp else { byte[] exifData = new byte[exifChunkSize]; - this.currentStream.Read(exifData, 0, (int)exifChunkSize); + bytesRead = this.currentStream.Read(exifData, 0, (int)exifChunkSize); + if (bytesRead != exifChunkSize) + { + WebpThrowHelper.ThrowInvalidImageContentException("Not enough data to read the exif chunk"); + } + var profile = new ExifProfile(exifData); this.Metadata.ExifProfile = profile; } @@ -472,7 +483,12 @@ namespace SixLabors.ImageSharp.Formats.Webp else { byte[] xmpData = new byte[xmpChunkSize]; - this.currentStream.Read(xmpData, 0, (int)xmpChunkSize); + bytesRead = this.currentStream.Read(xmpData, 0, (int)xmpChunkSize); + if (bytesRead != xmpChunkSize) + { + WebpThrowHelper.ThrowInvalidImageContentException("Not enough data to read the xmp chunk"); + } + var profile = new XmpProfile(xmpData); this.Metadata.XmpProfile = profile; } @@ -488,7 +504,12 @@ namespace SixLabors.ImageSharp.Formats.Webp features.AlphaChunkHeader = (byte)this.currentStream.ReadByte(); int alphaDataSize = (int)(alphaChunkSize - 1); features.AlphaData = this.memoryAllocator.Allocate(alphaDataSize); - this.currentStream.Read(features.AlphaData.Memory.Span, 0, alphaDataSize); + bytesRead = this.currentStream.Read(features.AlphaData.Memory.Span, 0, alphaDataSize); + if (bytesRead != alphaDataSize) + { + WebpThrowHelper.ThrowInvalidImageContentException("Not enough data to read the alpha chunk"); + } + break; default: WebpThrowHelper.ThrowImageFormatException("Unexpected chunk followed VP8X header"); diff --git a/src/ImageSharp/Formats/Webp/WebpThrowHelper.cs b/src/ImageSharp/Formats/Webp/WebpThrowHelper.cs index fffdd34101..5f063fd11a 100644 --- a/src/ImageSharp/Formats/Webp/WebpThrowHelper.cs +++ b/src/ImageSharp/Formats/Webp/WebpThrowHelper.cs @@ -8,6 +8,13 @@ namespace SixLabors.ImageSharp.Formats.Webp { internal static class WebpThrowHelper { + /// + /// Cold path optimization for throwing 's. + /// + /// The error message for the exception. + [MethodImpl(InliningOptions.ColdPath)] + public static void ThrowInvalidImageContentException(string errorMessage) => throw new InvalidImageContentException(errorMessage); + /// /// Cold path optimization for throwing -s ///