Skip to content

Commit

Permalink
Merge pull request #47080 from nextcloud/backport/38364/stable29
Browse files Browse the repository at this point in the history
[stable29] fix(previews): Don't crash on animated WEBP images
  • Loading branch information
st3iny authored Aug 7, 2024
2 parents cf72177 + 32dd57e commit 1b50d28
Showing 1 changed file with 49 additions and 2 deletions.
51 changes: 49 additions & 2 deletions lib/private/legacy/OC_Image.php
Original file line number Diff line number Diff line change
Expand Up @@ -748,9 +748,56 @@ public function loadFromFile($imagePath = false) {
if (!$this->checkImageSize($imagePath)) {
return false;
}
$this->resource = @imagecreatefromwebp($imagePath);

// Check for animated header before generating preview since libgd does not handle them well
// Adapted from here: https://stackoverflow.com/a/68491679/4085517 (stripped to only to check for animations + added additional error checking)
// Header format details here: https://developers.google.com/speed/webp/docs/riff_container

// Load up the header data, if any
$fp = fopen($imagePath, 'rb');
if (!$fp) {
return false;
}
$data = fread($fp, 90);
if (!$data) {
return false;
}
fclose($fp);
unset($fp);

$headerFormat = 'A4Riff/' . // get n string
'I1Filesize/' . // get integer (file size but not actual size)
'A4Webp/' . // get n string
'A4Vp/' . // get n string
'A74Chunk';

$header = unpack($headerFormat, $data);
unset($data, $headerFormat);
if (!$header) {
return false;
}

// Check if we're really dealing with a valid WEBP header rather than just one suffixed ".webp"
if (!isset($header['Riff']) || strtoupper($header['Riff']) !== 'RIFF') {
return false;
}
if (!isset($header['Webp']) || strtoupper($header['Webp']) !== 'WEBP') {
return false;
}
if (!isset($header['Vp']) || strpos(strtoupper($header['Vp']), 'VP8') === false) {
return false;
}

// Check for animation indicators
if (strpos(strtoupper($header['Chunk']), 'ANIM') !== false || strpos(strtoupper($header['Chunk']), 'ANMF') !== false) {
// Animated so don't let it reach libgd
$this->logger->debug('OC_Image->loadFromFile, animated WEBP images not supported: ' . $imagePath, ['app' => 'core']);
} else {
// We're safe so give it to libgd
$this->resource = @imagecreatefromwebp($imagePath);
}
} else {
$this->logger->debug('OC_Image->loadFromFile, webp images not supported: ' . $imagePath, ['app' => 'core']);
$this->logger->debug('OC_Image->loadFromFile, WEBP images not supported: ' . $imagePath, ['app' => 'core']);
}
break;
/*
Expand Down

0 comments on commit 1b50d28

Please sign in to comment.