[Webkit-unassigned] [Bug 174692] New: [CG] An image should not invoke many system calls before confirming its format is supported

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jul 20 15:03:29 PDT 2017 

https://bugs.webkit.org/show_bug.cgi?id=174692

            Bug ID: 174692
           Summary: [CG] An image should not invoke many system calls
                    before confirming its format is supported
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Images
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sabouhallawa at apple.com

WebKit has its whitelist of image formats. Loading images with any format out of this whitelist will be cancelled. To know the image type, WebKit creates an ImageSource and sends it the encoded data when it's received. It calls CGImageSourceGetStatus() to know the status of the encoded data to know whether the type is available or not. When the image is available, WebKit calls CGImageSourceGetType() to decide whether to continue loading this image or cancel loading it and marking it a broken image.

We should be careful when invoking system calls before confirming the image type is available and it is one of the whitelist formats. Otherwise we will be invoking the parsers of the unsupported formats. The fix should be the following:

After setting new data to the ImageSource:

-- Call CGImageSourceGetType() — if that returns nil, return Unknown.
-- if CGImageSourceGetType()  returns non-nil, then use can call CGImageSourceGetStatus()
-- If CGImageSourceGetStatus() returns kCGImageStatusIncomplete or kCGImageStatusComplete, we check isAllowedImageUTI(CGImageSourceGetType()) - if it returns false we return Error.
-- If isAllowedImageUTI(CGImageSourceGetType()) returns true, we can call CGImageSourceCopyPropertiesAtIndex() and other system functions.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170720/0e6c57fa/attachment-0001.html>

More information about the webkit-unassigned mailing list