sergiotarxz/libvips
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Ensure SVG loader skips input with chars outside x09-x7F range

Browse Source 
Add test with example valid WebP image that happens to contain
the string '<svg' within its compressed image data.
This commit is contained in:
Lovell Fuller 2020-08-21 10:11:11 +01:00 committed by John Cupitt
parent 270933c281
commit 69ee8a32b6
4 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libvips/foreign/svgload.c
View File

@ -211,7 +211,7 @@ vips_foreign_load_svg_is_a( const void *buf, size_t len )
* before the <svg line. * before the <svg line.
* *
* Simple rules: * Simple rules:
* - first 24 chars are plain ascii * - first 24 chars are plain ascii (x09-x7F)
* - first SVG_HEADER_SIZE chars contain "<svg", upper or lower case. * - first SVG_HEADER_SIZE chars contain "<svg", upper or lower case.
* *
* We could rsvg_handle_new_from_data() on the buffer, but that can be * We could rsvg_handle_new_from_data() on the buffer, but that can be
@ -220,7 +220,7 @@ vips_foreign_load_svg_is_a( const void *buf, size_t len )
if( len < 24 ) if( len < 24 )
return( 0 ); return( 0 );
for( i = 0; i < 24; i++ ) for( i = 0; i < 24; i++ )
if( !isascii( str[i] ) ) if( !isascii( str[i] ) || str[i] < 9 )
return( FALSE ); return( FALSE );
for( i = 0; i < SVG_HEADER_SIZE && i < len - 5; i++ ) for( i = 0; i < SVG_HEADER_SIZE && i < len - 5; i++ )
if( g_ascii_strncasecmp( str + i, "<svg", 4 ) == 0 ) if( g_ascii_strncasecmp( str + i, "<svg", 4 ) == 0 )

1
test/test-suite/helpers/helpers.py
View File

@ -21,6 +21,7 @@ OME_FILE = os.path.join(IMAGES, "multi-channel-z-series.ome.tif")
ANALYZE_FILE = os.path.join(IMAGES, "t00740_tr1_segm.hdr") ANALYZE_FILE = os.path.join(IMAGES, "t00740_tr1_segm.hdr")
GIF_FILE = os.path.join(IMAGES, "cramps.gif") GIF_FILE = os.path.join(IMAGES, "cramps.gif")
WEBP_FILE = os.path.join(IMAGES, "1.webp") WEBP_FILE = os.path.join(IMAGES, "1.webp")
WEBP_LOOKS_LIKE_SVG_FILE = os.path.join(IMAGES, "looks-like-svg.webp")
EXR_FILE = os.path.join(IMAGES, "sample.exr") EXR_FILE = os.path.join(IMAGES, "sample.exr")
FITS_FILE = os.path.join(IMAGES, "WFPC2u5780205r_c0fx.fits") FITS_FILE = os.path.join(IMAGES, "WFPC2u5780205r_c0fx.fits")
OPENSLIDE_FILE = os.path.join(IMAGES, "CMU-1-Small-Region.svs") OPENSLIDE_FILE = os.path.join(IMAGES, "CMU-1-Small-Region.svs")

BIN
test/test-suite/images/looks-like-svg.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.5 KiB

7
test/test-suite/test_foreign.py
View File

@ -17,7 +17,7 @@ from helpers import \
GIF_ANIM_DISPOSE_PREVIOUS_FILE, \ GIF_ANIM_DISPOSE_PREVIOUS_FILE, \
GIF_ANIM_DISPOSE_PREVIOUS_EXPECTED_PNG_FILE, \ GIF_ANIM_DISPOSE_PREVIOUS_EXPECTED_PNG_FILE, \
temp_filename, assert_almost_equal_objects, have, skip_if_no, \ temp_filename, assert_almost_equal_objects, have, skip_if_no, \
TIF1_FILE, TIF2_FILE, TIF4_FILE TIF1_FILE, TIF2_FILE, TIF4_FILE, WEBP_LOOKS_LIKE_SVG_FILE
class TestForeign: class TestForeign:
@ -676,6 +676,11 @@ class TestForeign:
assert x1.get("page-height") == x2.get("page-height") assert x1.get("page-height") == x2.get("page-height")
assert x1.get("gif-loop") == x2.get("gif-loop") assert x1.get("gif-loop") == x2.get("gif-loop")
# WebP image that happens to contain the string "<svg"
if have("svgload"):
x = pyvips.Image.new_from_file(WEBP_LOOKS_LIKE_SVG_FILE)
assert x.get("vips-loader") == "webpload"
@skip_if_no("analyzeload") @skip_if_no("analyzeload")
def test_analyzeload(self): def test_analyzeload(self):
def analyze_valid(im): def analyze_valid(im):