[Webkit-unassigned] [Bug 47512] Add support for decoding WebP image

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 12 19:07:38 PDT 2010


--- Comment #12 from Pascal Massimino <pascal.massimino at gmail.com>  2010-10-12 19:07:38 PST ---

(In reply to comment #9)
> > When it comes to the narrowly-scoped issue of ImageDecoder::create(), it is indeed fine to use the minimum possible determinant string.  Note, for example, how we use "BM" to mean a .bmp.
> It's important to use the same signature everywhere. 

There is a WebPGetInfo(*) function for validating the header in the library which is exactly meant
for that: central call point for sniffing data. I didn't use it here because, as said, it requires
30 bytes of data in order to go into great details validating everything that can be.
Should I use it instead (for instance, disguised as a static member bool WEBPDecoder::Validate(data, data_size))?
I'd pretty much go advertising this function as the only one to call by sniffers.


(*) http://review.webmproject.org/gitweb?p=libwebp.git;a=blob;f=src/webp/decode.h;h=6ecaa00598db122489dbdc69207e93b8feb991ed;hb=HEAD

> Historically, different sniffing code has used different signatures, even for well-established image formats, such as JPEG and GIF.  As a result, there have been lots of vulnerabilities related to sneaking bytes that one entity thinks are a GIF but another entity does not (some examples are described in the paper I linked to above).
> Currently, there's an effort underway in the IETF to standardize the signatures used for the popular image formats (and some other formats).  That will hopefully help with some of the existing problems.
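
Added example, not part of the original message and not libwebp's `WebPGetInfo`: a C sketch of the mismatch discussed above, comparing a minimum-signature check against a check of the full 30-byte header on the same constructed bytes. The function names, the tri-state result and both sample buffers are hypothetical; the header layout assumed is the lossy RIFF/"VP8 " one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Tri-state result: a sniffer must be able to say "not enough bytes yet". */
typedef enum { SNIFF_NEED_MORE = -1, SNIFF_NO = 0, SNIFF_YES = 1 } sniff_t;
#define WEBP_HEADER_SIZE 30 /* RIFF hdr (12) + chunk hdr (8) + frame hdr (10) */

/* Loose check: minimum determinant string only (hypothetical helper). */
static sniff_t sniff_riff_only(const uint8_t *d, size_t n) {
    if (n < 4) return SNIFF_NEED_MORE;
    return memcmp(d, "RIFF", 4) == 0 ? SNIFF_YES : SNIFF_NO;
}

/* Strict check over the full 30-byte header (hypothetical helper). */
static sniff_t sniff_webp_strict(const uint8_t *d, size_t n) {
    if (n >= 4 && memcmp(d, "RIFF", 4) != 0) return SNIFF_NO;
    if (n >= 12 && memcmp(d + 8, "WEBP", 4) != 0) return SNIFF_NO;
    if (n >= 16 && memcmp(d + 12, "VP8 ", 4) != 0) return SNIFF_NO;
    if (n < WEBP_HEADER_SIZE) return SNIFF_NEED_MORE;
    if (d[20] & 1) return SNIFF_NO; /* first frame must be a key frame */
    if (d[23] != 0x9d || d[24] != 0x01 || d[25] != 0x2a) return SNIFF_NO;
    uint32_t w = (uint32_t)(d[26] | (d[27] << 8)) & 0x3fff;
    uint32_t h = (uint32_t)(d[28] | (d[29] << 8)) & 0x3fff;
    return (w && h) ? SNIFF_YES : SNIFF_NO;
}

/* Constructed sample: minimal lossy WebP header, 16x16. */
static const uint8_t kWebP[30] = {
    'R','I','F','F', 0x16,0,0,0, 'W','E','B','P',
    'V','P','8',' ', 0x0a,0,0,0,
    0x10,0x02,0x00, 0x9d,0x01,0x2a, 0x10,0x00, 0x10,0x00 };
/* Constructed sample: start of a RIFF/WAVE file, same first four bytes. */
static const uint8_t kWave[30] = {
    'R','I','F','F', 0x24,0,0,0, 'W','A','V','E', 'f','m','t',' ', 16,0,0,0 };

/* Returns 1 when the two sniffers give different answers for the same bytes. */
static int sniffers_disagree(const uint8_t *d, size_t n) {
    return sniff_riff_only(d, n) != sniff_webp_strict(d, n);
}

int main(void) {
    printf("webp: disagree=%d\n", sniffers_disagree(kWebP, sizeof kWebP));
    printf("wave: disagree=%d\n", sniffers_disagree(kWave, sizeof kWave));
    printf("wave, first 8 bytes: strict=%d\n", sniff_webp_strict(kWave, 8));
    return 0;
}
```

The RIFF/WAVE buffer is the case the quoted comment warns about: one check calls it WebP, the other does not, which is the argument for routing every sniffer through a single validation function.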
