diff options
| author | Andy Scherzinger <info@andy-scherzinger.de> | 2024-08-07 10:34:57 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-08-07 10:34:57 +0200 |
| commit | 8e5956ea6afa96be39c091e42b6a740958f1d678 (patch) | |
| tree | d4ffea5edeab03da9829909cfbee9db5edd7717c | |
| parent | 8a913e4cf61d9c84b0633cf29e43640364010617 (diff) | |
| parent | 2c58184b8579630a3aa2d8409c08d2fea112c2fc (diff) | |
| download | nextcloud-server-8e5956ea6afa96be39c091e42b6a740958f1d678.tar.gz nextcloud-server-8e5956ea6afa96be39c091e42b6a740958f1d678.zip | |
Merge pull request #47079 from nextcloud/backport/38364/stable28
[stable28] fix(previews): Don't crash on animated WEBP images
| -rw-r--r-- | lib/private/legacy/OC_Image.php | 51 |
1 files changed, 49 insertions, 2 deletions
diff --git a/lib/private/legacy/OC_Image.php b/lib/private/legacy/OC_Image.php index 794d59b25fe..74967021405 100644 --- a/lib/private/legacy/OC_Image.php +++ b/lib/private/legacy/OC_Image.php @@ -748,9 +748,56 @@ class OC_Image implements \OCP\IImage { if (!$this->checkImageSize($imagePath)) { return false; } - $this->resource = @imagecreatefromwebp($imagePath); + + // Check for animated header before generating preview since libgd does not handle them well + // Adapted from here: https://stackoverflow.com/a/68491679/4085517 (stripped to only to check for animations + added additional error checking) + // Header format details here: https://developers.google.com/speed/webp/docs/riff_container + + // Load up the header data, if any + $fp = fopen($imagePath, 'rb'); + if (!$fp) { + return false; + } + $data = fread($fp, 90); + if (!$data) { + return false; + } + fclose($fp); + unset($fp); + + $headerFormat = 'A4Riff/' . // get n string + 'I1Filesize/' . // get integer (file size but not actual size) + 'A4Webp/' . // get n string + 'A4Vp/' . // get n string + 'A74Chunk'; + + $header = unpack($headerFormat, $data); + unset($data, $headerFormat); + if (!$header) { + return false; + } + + // Check if we're really dealing with a valid WEBP header rather than just one suffixed ".webp" + if (!isset($header['Riff']) || strtoupper($header['Riff']) !== 'RIFF') { + return false; + } + if (!isset($header['Webp']) || strtoupper($header['Webp']) !== 'WEBP') { + return false; + } + if (!isset($header['Vp']) || strpos(strtoupper($header['Vp']), 'VP8') === false) { + return false; + } + + // Check for animation indicators + if (strpos(strtoupper($header['Chunk']), 'ANIM') !== false || strpos(strtoupper($header['Chunk']), 'ANMF') !== false) { + // Animated so don't let it reach libgd + $this->logger->debug('OC_Image->loadFromFile, animated WEBP images not supported: ' . $imagePath, ['app' => 'core']); + } else { + // We're safe so give it to libgd + $this->resource = @imagecreatefromwebp($imagePath); + } } else { - $this->logger->debug('OC_Image->loadFromFile, webp images not supported: ' . $imagePath, ['app' => 'core']); + $this->logger->debug('OC_Image->loadFromFile, WEBP images not supported: ' . $imagePath, ['app' => 'core']); } break; /* |