[Webkit-unassigned] [Bug 47512] Add support for decoding WebP image

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 12 19:07:38 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=47512





--- Comment #12 from Pascal Massimino <pascal.massimino at gmail.com>  2010-10-12 19:07:38 PST ---
Adam,

(In reply to comment #9)
> > When it comes to the narrowly-scoped issue of ImageDecoder::create(), it is indeed fine to use the minimum possible determinant string.  Note, for example, how we use "BM" to mean a .bmp.
> 
> It's important to use the same signature everywhere. 


There is a WebPGetInfo(*) function for validating the header in the library which is exactly meant
for that: central call point for sniffing data. I didn't use it here because, as said, it requires
30 bytes of data in order to go into great detail validating everything that can be.
Should I use it instead (for instance, disguised as a static member bool WEBPDecoder::Validate(data, data_size))?
I'd pretty much go advertising this function as the only one to call by sniffers.

thanks,
Pascal

(*) http://review.webmproject.org/gitweb?p=libwebp.git;a=blob;f=src/webp/decode.h;h=6ecaa00598db122489dbdc69207e93b8feb991ed;hb=HEAD

> Historically, different sniffing code has used different signatures, even for well-established image formats, such as JPEG and GIF.  As a result, there have been lots of vulnerabilities related to sneaking bytes that one entity thinks are a GIF but another entity does not (some examples are described in the paper I linked to above).
> 
> Currently, there's an effort underway in the IETF to standardize the signatures used for the popular image formats (and some other formats).  That will hopefully help with some of the existing problems.
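
The concern about using one signature everywhere, as an added example (not part of the original message, and not WebKit or libwebp code): a single shared sniffer that checks the RIFF tag and the "WEBP" form type, next to a shorter check that looks only at "RIFF", run on constructed headers where the two disagree. All names, the 12-byte signature choice and the sample bytes are assumptions made for this sketch.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical names; this is not WebKit's or libwebp's API.
enum class SniffResult { NeedMoreData, NotWebP, WebP };

// RIFF container: bytes 0-3 "RIFF", 4-7 little-endian size, 8-11 "WEBP".
constexpr size_t kSignatureLength = 12;

// Compare whatever part of the 4-byte tag at `offset` has already arrived.
static bool prefixMatches(const uint8_t* data, size_t size, size_t offset, const char* tag)
{
    if (size <= offset)
        return true; // nothing received for this field yet
    size_t available = size - offset < 4 ? size - offset : 4;
    return std::memcmp(data + offset, tag, available) == 0;
}

// The one sniffer every caller shares; rejects as soon as a byte contradicts.
SniffResult sniffWebP(const uint8_t* data, size_t size)
{
    if (!prefixMatches(data, size, 0, "RIFF") || !prefixMatches(data, size, 8, "WEBP"))
        return SniffResult::NotWebP;
    return size < kSignatureLength ? SniffResult::NeedMoreData : SniffResult::WebP;
}

// A second, shorter signature: the kind of divergence the quoted comment describes.
bool laxSniffIsWebP(const uint8_t* data, size_t size)
{
    return size >= 4 && std::memcmp(data, "RIFF", 4) == 0;
}

// Constructed 12-byte headers; the size field value is arbitrary.
const uint8_t kWebPHeader[12] = {'R','I','F','F', 0x24,0,0,0, 'W','E','B','P'};
const uint8_t kWaveHeader[12] = {'R','I','F','F', 0x24,0,0,0, 'W','A','V','E'};

// True when both checks classify the buffer the same way.
bool sniffersAgree(const uint8_t* data, size_t size)
{
    return laxSniffIsWebP(data, size) == (sniffWebP(data, size) == SniffResult::WebP);
}

int main()
{
    std::printf("WEBP header: sniffers agree = %d\n", sniffersAgree(kWebPHeader, 12));
    std::printf("WAVE header: sniffers agree = %d\n", sniffersAgree(kWaveHeader, 12));
}
```

The WAVE header is where the two checks part ways: the four-byte check accepts it as WebP while the shared sniffer rejects it.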
