Ensure SVG loader skips input with chars outside x09-x7F range
Add test with example valid WebP image that happens to contain the string '<svg' within its compressed image data.
This commit is contained in:
parent
f8faa5f7f7
commit
489324f392
@ -211,7 +211,7 @@ vips_foreign_load_svg_is_a( const void *buf, size_t len )
|
||||
* before the <svg line.
|
||||
*
|
||||
* Simple rules:
|
||||
* - first 24 chars are plain ascii
|
||||
* - first 24 chars are plain ascii (x09-x7F)
|
||||
* - first SVG_HEADER_SIZE chars contain "<svg", upper or lower case.
|
||||
*
|
||||
* We could rsvg_handle_new_from_data() on the buffer, but that can be
|
||||
@ -220,7 +220,7 @@ vips_foreign_load_svg_is_a( const void *buf, size_t len )
|
||||
if( len < 24 )
|
||||
return( 0 );
|
||||
for( i = 0; i < 24; i++ )
|
||||
if( !isascii( str[i] ) )
|
||||
if( !isascii( str[i] ) || str[i] < 9 )
|
||||
return( FALSE );
|
||||
for( i = 0; i < SVG_HEADER_SIZE && i < len - 5; i++ )
|
||||
if( g_ascii_strncasecmp( str + i, "<svg", 4 ) == 0 )
|
||||
|
@ -21,6 +21,7 @@ OME_FILE = os.path.join(IMAGES, "multi-channel-z-series.ome.tif")
|
||||
ANALYZE_FILE = os.path.join(IMAGES, "t00740_tr1_segm.hdr")
|
||||
GIF_FILE = os.path.join(IMAGES, "cramps.gif")
|
||||
WEBP_FILE = os.path.join(IMAGES, "1.webp")
|
||||
WEBP_LOOKS_LIKE_SVG_FILE = os.path.join(IMAGES, "looks-like-svg.webp")
|
||||
EXR_FILE = os.path.join(IMAGES, "sample.exr")
|
||||
FITS_FILE = os.path.join(IMAGES, "WFPC2u5780205r_c0fx.fits")
|
||||
OPENSLIDE_FILE = os.path.join(IMAGES, "CMU-1-Small-Region.svs")
|
||||
|
BIN
test/test-suite/images/looks-like-svg.webp
Normal file
BIN
test/test-suite/images/looks-like-svg.webp
Normal file
Binary file not shown.
After Width: | Height: | Size: 2.5 KiB |
@ -17,7 +17,7 @@ from helpers import \
|
||||
GIF_ANIM_DISPOSE_PREVIOUS_FILE, \
|
||||
GIF_ANIM_DISPOSE_PREVIOUS_EXPECTED_PNG_FILE, \
|
||||
temp_filename, assert_almost_equal_objects, have, skip_if_no, \
|
||||
TIF1_FILE, TIF2_FILE, TIF4_FILE
|
||||
TIF1_FILE, TIF2_FILE, TIF4_FILE, WEBP_LOOKS_LIKE_SVG_FILE
|
||||
|
||||
|
||||
class TestForeign:
|
||||
@ -676,6 +676,11 @@ class TestForeign:
|
||||
assert x1.get("page-height") == x2.get("page-height")
|
||||
assert x1.get("gif-loop") == x2.get("gif-loop")
|
||||
|
||||
# WebP image that happens to contain the string "<svg"
|
||||
if have("svgload"):
|
||||
x = pyvips.Image.new_from_file(WEBP_LOOKS_LIKE_SVG_FILE)
|
||||
assert x.get("vips-loader") == "webpload"
|
||||
|
||||
@skip_if_no("analyzeload")
|
||||
def test_analyzeload(self):
|
||||
def analyze_valid(im):
|
||||
|
Loading…
Reference in New Issue
Block a user