diff options
author | Josh Richards <josh.t.richards@gmail.com> | 2023-05-18 13:27:13 -0400 |
---|---|---|
committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2024-08-06 16:07:24 +0000 |
commit | 2c58184b8579630a3aa2d8409c08d2fea112c2fc (patch) | |
tree | 8d7090f48020a5248e8273ee5071d41b49836d0d /lib | |
parent | 66773979e69bc7571c2fd75369454801c148561f (diff) | |
download | nextcloud-server-2c58184b8579630a3aa2d8409c08d2fea112c2fc.tar.gz nextcloud-server-2c58184b8579630a3aa2d8409c08d2fea112c2fc.zip |
fix(previews): Don't crash on animated WEBP images
Fixes #30029 and #37263
libgd handles animated WEBP images poorly and generates a meaningless error message as a result. We were returning a 500 error for these preview requests (web) and a fatal error at the command-line (occ). Now we bypass libgd if the we detect an animated WEBP image (and simply don't generate the preview). No more 500 error. Should fix occ too.
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/legacy/OC_Image.php | 51 |
1 files changed, 49 insertions, 2 deletions
diff --git a/lib/private/legacy/OC_Image.php b/lib/private/legacy/OC_Image.php index 794d59b25fe..74967021405 100644 --- a/lib/private/legacy/OC_Image.php +++ b/lib/private/legacy/OC_Image.php @@ -748,9 +748,56 @@ class OC_Image implements \OCP\IImage { if (!$this->checkImageSize($imagePath)) { return false; } - $this->resource = @imagecreatefromwebp($imagePath); + + // Check for animated header before generating preview since libgd does not handle them well + // Adapted from here: https://stackoverflow.com/a/68491679/4085517 (stripped to only to check for animations + added additional error checking) + // Header format details here: https://developers.google.com/speed/webp/docs/riff_container + + // Load up the header data, if any + $fp = fopen($imagePath, 'rb'); + if (!$fp) { + return false; + } + $data = fread($fp, 90); + if (!$data) { + return false; + } + fclose($fp); + unset($fp); + + $headerFormat = 'A4Riff/' . // get n string + 'I1Filesize/' . // get integer (file size but not actual size) + 'A4Webp/' . // get n string + 'A4Vp/' . // get n string + 'A74Chunk'; + + $header = unpack($headerFormat, $data); + unset($data, $headerFormat); + if (!$header) { + return false; + } + + // Check if we're really dealing with a valid WEBP header rather than just one suffixed ".webp" + if (!isset($header['Riff']) || strtoupper($header['Riff']) !== 'RIFF') { + return false; + } + if (!isset($header['Webp']) || strtoupper($header['Webp']) !== 'WEBP') { + return false; + } + if (!isset($header['Vp']) || strpos(strtoupper($header['Vp']), 'VP8') === false) { + return false; + } + + // Check for animation indicators + if (strpos(strtoupper($header['Chunk']), 'ANIM') !== false || strpos(strtoupper($header['Chunk']), 'ANMF') !== false) { + // Animated so don't let it reach libgd + $this->logger->debug('OC_Image->loadFromFile, animated WEBP images not supported: ' . $imagePath, ['app' => 'core']); + } else { + // We're safe so give it to libgd + $this->resource = @imagecreatefromwebp($imagePath); + } } else { - $this->logger->debug('OC_Image->loadFromFile, webp images not supported: ' . $imagePath, ['app' => 'core']); + $this->logger->debug('OC_Image->loadFromFile, WEBP images not supported: ' . $imagePath, ['app' => 'core']); } break; /* |