'attempt to add with overflow' panic in webp #1501
Comments
So this happens because of this function. The panic specifically occurs because the 4 bytes of 0xff give an odd value just under the max value, so we could just add a check for that or modify the whole function. Also we should probably have "VP8X" as one of the formats unsupported.
Immediately after posting that, I realised the point of skipping those chunks is to half-support extended file format chunks (VP8X) by just ignoring the extension data and trying to decode the VP8 file as normal. With that, it's probably reasonable to just add a check to prevent the add overflow?
Yes, that could be a good start. At least it turns the (debug) panic into a proper error as the file will appear to be too short. In any case it may even be okay to perform a saturating_add instead but a check-and-error approach is, on first instinct, cleaner.
I didn't notice this when it was posted at the time, but this issue was introduced by my PR (#1168) 😅 Another solution could be to move the image/src/codecs/webp/decoder.rs Lines 109 to 115 in 702c1e7
From looking at it quickly, I'd be inclined to do a checked add and return an error if that fails. More verbose, but clearer as to the intent. As far as I can see, a chunk length that overflows a u32 is invalid anyways, because the whole file size is limited to 4GiB - 2 bytes, according to https://developers.google.com/speed/webp/docs/riff_container. So if it overflows, it's a bad file. Also, maybe return the same / a similar error if the
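The check-and-error approach discussed in the comments above, as an added Rust sketch that is not part of the thread and not the image crate's code. `padded_len` and `find_vp8_len` are hypothetical names, and the input bytes are constructed for illustration.

```rust
use std::io::{self, Read};

/// Size of a RIFF chunk payload including its pad byte (odd-length payloads
/// are followed by one 0x00). Returns None when the padded size does not fit
/// in a u32, which is the case for a length field of four 0xff bytes.
fn padded_len(len: u32) -> Option<u32> {
    if len % 2 == 1 { len.checked_add(1) } else { Some(len) }
}

/// Skip unknown chunks until a "VP8 " chunk is found and return its declared
/// payload length. Overflowing or truncated chunks become errors, not panics.
fn find_vp8_len<R: Read>(r: &mut R) -> io::Result<u32> {
    loop {
        // Chunk header: 4-byte FourCC followed by a little-endian u32 length.
        let mut header = [0u8; 8];
        r.read_exact(&mut header)?;
        let len = u32::from_le_bytes([header[4], header[5], header[6], header[7]]);
        if &header[..4] == b"VP8 " {
            return Ok(len);
        }
        // Checked add: an unrepresentable padded length means a bad file.
        let skip = padded_len(len).ok_or_else(|| {
            io::Error::new(io::ErrorKind::InvalidData, "chunk length overflows u32")
        })?;
        // Discard the payload and confirm the stream really contained it.
        let copied = io::copy(&mut r.by_ref().take(u64::from(skip)), &mut io::sink())?;
        if copied != u64::from(skip) {
            return Err(io::Error::new(io::ErrorKind::UnexpectedEof, "chunk truncated"));
        }
    }
}

fn main() {
    // Constructed input: an unknown chunk whose length field is 0xffffffff.
    let bad = b"JUNK\xff\xff\xff\xff";
    println!("{:?}", find_vp8_len(&mut io::Cursor::new(&bad[..])));
    // Constructed input: a 3-byte VP8X payload plus pad byte, then "VP8 ".
    let ok = b"VP8X\x03\x00\x00\x00abc\x00VP8 \x0a\x00\x00\x00";
    println!("{:?}", find_vp8_len(&mut io::Cursor::new(&ok[..])));
}
```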
This happens in
image::codecs::webp::decoder::WebPDecoder<R>::read_vp8_header
Expected
An Error object should have been returned
Actual behaviour
Stacktrace:
Reproduction steps
Can be reproduced with this program: