From a19589649d6e632e89f29f1f1c9149b5dbed370a Mon Sep 17 00:00:00 2001 From: Nico Weber Date: Sat, 11 May 2024 20:22:49 -0400 Subject: [PATCH] LibGfx/WebPWriter: Add some checks to write_ANMF_chunk() The function's implementation makes these assumptions, so check that they are true instead of silently doing the wrong this when they're not true. --- Userland/Libraries/LibGfx/ImageFormats/WebPWriter.cpp | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Userland/Libraries/LibGfx/ImageFormats/WebPWriter.cpp b/Userland/Libraries/LibGfx/ImageFormats/WebPWriter.cpp index 32879dc64b..9697c09633 100644 --- a/Userland/Libraries/LibGfx/ImageFormats/WebPWriter.cpp +++ b/Userland/Libraries/LibGfx/ImageFormats/WebPWriter.cpp @@ -386,6 +386,15 @@ struct ANMFChunk { static ErrorOr write_ANMF_chunk(Stream& stream, ANMFChunk const& chunk) { + if (chunk.frame_width > (1 << 24) || chunk.frame_height > (1 << 24)) + return Error::from_string_literal("WebP dimensions too large for ANMF chunk"); + + if (chunk.frame_width == 0 || chunk.frame_height == 0) + return Error::from_string_literal("WebP lossless animation frames must be at least one pixel wide and tall"); + + if (chunk.frame_x % 2 != 0 || chunk.frame_y % 2 != 0) + return Error::from_string_literal("WebP lossless animation frames must be at at even coordinates"); + dbgln_if(WEBP_DEBUG, "writing ANMF frame_x {} frame_y {} frame_width {} frame_height {} frame_duration {} blending_method {} disposal_method {}", chunk.frame_x, chunk.frame_y, chunk.frame_width, chunk.frame_height, chunk.frame_duration_in_milliseconds, (int)chunk.blending_method, (int)chunk.disposal_method);