[Webkit-unassigned] [Bug 47512] Add support for decoding WebP image
bugzilla-daemon at webkit.org
Tue Oct 12 19:07:38 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=47512
--- Comment #12 from Pascal Massimino <pascal.massimino at gmail.com> 2010-10-12 19:07:38 PST ---
Adam,
(In reply to comment #9)
> > When it comes to the narrowly-scoped issue of ImageDecoder::create(), it is indeed fine to use the minimum possible determinant string. Note, for example, how we use "BM" to mean a .bmp.
>
> It's important to use the same signature everywhere.
There is a WebPGetInfo(*) function for validating the header in the library which is exactly meant
for that: central call point for sniffing data. I didn't use it here because, as said, it requires
30 bytes of data in order to go into great detail validating everything that can be.
Should I use it instead (for instance, disguised as a static member bool WEBPDecoder::Validate(data, data_size))?
I'd pretty much go advertising this function as the only one to call by sniffers.
thanks,
Pascal
(*) http://review.webmproject.org/gitweb?p=libwebp.git;a=blob;f=src/webp/decode.h;h=6ecaa00598db122489dbdc69207e93b8feb991ed;hb=HEAD
> Historically, different sniffing code has used different signatures, even for well-established image formats, such as JPEG and GIF. As a result, there have been lots of vulnerabilities related to sneaking bytes that one entity thinks are a GIF but another entity does not (some examples are described in the paper I linked to above).
>
> Currently, there's an effort underway in the IETF to standardize the signatures used for the popular image formats (and some other formats). That will hopefully help with some of the existing problems.
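
The signature mismatch discussed in this message, as an added example that is not part of the original message and is not libwebp or WebKit code. The functions `sniff_minimal`, `sniff_strict` and `sniffers_disagree` and both sample buffers are hypothetical and constructed for illustration; the strict check assumes the 30-byte layout of a lossy WebP header (RIFF container, `WEBP` form type, `VP8 ` chunk, VP8 key-frame start code).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical minimal sniffer: trusts the 4-byte RIFF tag alone. */
int sniff_minimal(const uint8_t *d, size_t n) {
    return n >= 4 && memcmp(d, "RIFF", 4) == 0;
}

/* Hypothetical strict sniffer over the first 30 bytes: RIFF tag, "WEBP"
 * form type, "VP8 " chunk, key-frame bit and the VP8 start code 9d 01 2a.
 * The size fields are not checked here. */
int sniff_strict(const uint8_t *d, size_t n) {
    if (n < 30) return 0;                       /* not enough data to decide */
    if (memcmp(d, "RIFF", 4) != 0) return 0;
    if (memcmp(d + 8, "WEBP", 4) != 0) return 0;
    if (memcmp(d + 12, "VP8 ", 4) != 0) return 0;
    if (d[20] & 1) return 0;                    /* bit 0 set: not a key frame */
    return d[23] == 0x9d && d[24] == 0x01 && d[25] == 0x2a;
}

/* 1 when two components using these sniffers would label the bytes differently. */
int sniffers_disagree(const uint8_t *d, size_t n) {
    return sniff_minimal(d, n) != sniff_strict(d, n);
}

/* Constructed sample: 30-byte header of a 1x1 lossy WebP. */
const uint8_t SAMPLE_WEBP[30] = {
    'R','I','F','F', 0x1a,0,0,0, 'W','E','B','P', 'V','P','8',' ',
    0x0e,0,0,0, 0x10,0x02,0x00, 0x9d,0x01,0x2a, 0x01,0x00, 0x01,0x00 };

/* Constructed sample: first 30 bytes of a RIFF/WAVE file, also "RIFF"-prefixed. */
const uint8_t SAMPLE_WAVE[30] = {
    'R','I','F','F', 0x24,0,0,0, 'W','A','V','E', 'f','m','t',' ',
    0x10,0,0,0, 0x01,0x00, 0x01,0x00, 0x44,0xac,0,0, 0x88,0x58 };

int main(void) {
    printf("webp: minimal=%d strict=%d disagree=%d\n",
           sniff_minimal(SAMPLE_WEBP, 30), sniff_strict(SAMPLE_WEBP, 30),
           sniffers_disagree(SAMPLE_WEBP, 30));
    printf("wave: minimal=%d strict=%d disagree=%d\n",
           sniff_minimal(SAMPLE_WAVE, 30), sniff_strict(SAMPLE_WAVE, 30),
           sniffers_disagree(SAMPLE_WAVE, 30));
    return 0;
}
```

Routing every caller through one shared check removes the disagreement; a buffer shorter than 30 bytes is reported as "not WebP" by the strict check, so callers need to buffer that much before deciding.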