xfy/yggdrasil
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: limit WebP decode buffer size to prevent malicious allocations

Browse Source
This commit is contained in:
xfy 2026-06-09 15:48:34 +08:00
parent 7c6bab8019
commit db3379364f
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/api/image.rs
View File

@ -15,6 +15,8 @@ use std::sync::LazyLock;
const MAX_IMAGE_DIMENSION: u32 = 4096; const MAX_IMAGE_DIMENSION: u32 = 4096;
#[cfg(feature = "server")] #[cfg(feature = "server")]
const DEFAULT_JPEG_QUALITY: u8 = 85; const DEFAULT_JPEG_QUALITY: u8 = 85;
#[cfg(feature = "server")]
pub const MAX_IMAGE_PIXELS: u32 = 100_000_000; // ~10k x 10k
#[cfg(feature = "server")] #[cfg(feature = "server")]
#[derive(Debug, Clone)] #[derive(Debug, Clone)]

9
src/webp.rs
View File

@ -86,6 +86,15 @@ pub fn decode(data: &[u8]) -> Result<image::DynamicImage, WebpError> {
let height = info.height; let height = info.height;
let has_alpha = info.has_alpha; let has_alpha = info.has_alpha;
let pixel_count = (width as u64) * (height as u64);
if pixel_count > crate::api::image::MAX_IMAGE_PIXELS as u64 {
return Err(WebpError::Decode(format!(
"Image dimensions {}x{} exceed maximum allowed pixels",
width, height
)));
}
let buf_size = decoder let buf_size = decoder
.output_buffer_size() .output_buffer_size()
.ok_or_else(|| WebpError::Decode("Image too large".to_string()))?; .ok_or_else(|| WebpError::Decode("Image too large".to_string()))?;