diff options
| author | Nico Weber <thakis@chromium.org> | 2023-04-04 11:04:54 -0400 |
|---|---|---|
| committer | Linus Groh <mail@linusgroh.de> | 2023-04-07 20:49:39 +0200 |
| commit | 6d388249851e7180b5f9f1f61753c50515626b57 (patch) | |
| tree | ea26b2fe89fa58c5a9529b87d24c75deb1b8aa0e /Userland/Libraries/LibCompress/Deflate.h | |
| parent | 55b2977d5d625899876caf6233268e18db69335f (diff) | |
| download | serenity-6d388249851e7180b5f9f1f61753c50515626b57.zip | |
LibCompress: Tolerate more than 288 entries in CanonicalCode
Webp lossless can have up to 2328 symbols. This code assumed the deflate
max of 288, leading to crashes for webp lossless files using more than
288 symbols (such as Tests/LibGfx/test-inputs/simple-vp8l.webp).
Nothing writes webp files at this point, so the m_bit_codes and
m_bit_code_lengths arrays aren't ever used in practice with more than
288 entries.
Diffstat (limited to 'Userland/Libraries/LibCompress/Deflate.h')
| -rw-r--r-- | Userland/Libraries/LibCompress/Deflate.h | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/Userland/Libraries/LibCompress/Deflate.h b/Userland/Libraries/LibCompress/Deflate.h index b4ab4b9c0c..f1fb086ca2 100644 --- a/Userland/Libraries/LibCompress/Deflate.h +++ b/Userland/Libraries/LibCompress/Deflate.h @@ -45,8 +45,10 @@ private: size_t m_max_prefixed_code_length { 0 }; // Compression - indexed by symbol - Array<u16, 288> m_bit_codes {}; // deflate uses a maximum of 288 symbols (maximum of 32 for distances) - Array<u16, 288> m_bit_code_lengths {}; + // Deflate uses a maximum of 288 symbols (maximum of 32 for distances), + // but this is also used by webp, which can use up to 256 + 24 + (1 << 11) == 2328 symbols. + Vector<u16, 288> m_bit_codes {}; + Vector<u16, 288> m_bit_code_lengths {}; }; class DeflateDecompressor final : public Stream { |