[Webkit-unassigned] [Bug 47512] Add support for decoding WebP image
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 12 15:32:53 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=47512
--- Comment #9 from Adam Barth <abarth at webkit.org> 2010-10-12 15:32:53 PST ---
> When it comes to the narrowly-scoped issue of ImageDecoder::create(), it is indeed fine to use the minimum possible determinant string. Note, for example, how we use "BM" to mean a .bmp.
It's important to use the same signature everywhere. Historically, different sniffing code has used different signatures, even for well-established image formats, such as JPEG and GIF. As a result, there have been lots of vulnerabilities related to sneaking bytes that one entity thinks are a GIF but another entity does not (some examples are described in the paper I linked to above).
Currently, there's an effort underway in the IETF to standardize the signatures used for the popular image formats (and some other formats). That will hopefully help with some of the existing problems.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list