Add safe checks around use of QImageReader (#3736)

Co-authored-by: pajlada <rasmus.karlsson@pajlada.com>
2024-11-21 22:24:07 +01:00 · 2022-05-28 11:48:31 +00:00 · 2022-05-28 11:48:31 +00:00 · efcfb19187
commit efcfb19187
parent 135f914b38
3 changed files with 35 additions and 12 deletions
--- a/src/messages/Image.cpp
+++ b/src/messages/Image.cpp
@ -138,14 +138,6 @@ namespace detail {
    {
        QVector<Frame<QImage>> frames;
        if (reader.imageCount() == 0)
        {
            qCDebug(chatterinoImage)
                << "Error while reading image" << url.string << ": '"
                << reader.errorString() << "'";
            return frames;
        }
        QImage image;
        for (int index = 0; index < reader.imageCount(); ++index)
        {
@ -413,8 +405,30 @@ void Image::actuallyLoad()
            buffer.open(QIODevice::ReadOnly);
            QImageReader reader(&buffer);
            if (!reader.canRead())
            {
                qCDebug(chatterinoImage)
                    << "Error: image cant be read " << shared->url().string;
                return Failure;
            }
            const auto size = reader.size();
            if (size.isEmpty())
            {
                return Failure;
            }
            // returns 1 for non-animated formats
            if (reader.imageCount() <= 0)
            {
                qCDebug(chatterinoImage)
                    << "Error: image has less than 1 frame "
                    << shared->url().string << ": " << reader.errorString();
                return Failure;
            }
            // use "double" to prevent int overflows
-            if (double(reader.size().width()) * double(reader.size().height()) *
+            if (double(size.width()) * double(size.height()) *
                    double(reader.imageCount()) * 4.0 >
                double(Image::maxBytesRam))
            {
--- a/src/messages/MessageBuilder.cpp
+++ b/src/messages/MessageBuilder.cpp
@ -14,7 +14,6 @@
 #include "util/FormatTime.hpp"
 #include <QDateTime>
 #include <QImageReader>
 namespace chatterino {
--- a/src/providers/twitch/TwitchBadges.cpp
+++ b/src/providers/twitch/TwitchBadges.cpp
@ -204,8 +204,18 @@ void TwitchBadges::loadEmoteImage(const QString &name, ImagePtr image,
            buffer.open(QIODevice::ReadOnly);
            QImageReader reader(&buffer);
-            QImage image;
+            if (!reader.canRead() || reader.size().isEmpty())
-            if (reader.imageCount() == 0 || !reader.read(&image))
+            {
                return Failure;
            }
            QImage image = reader.read();
            if (image.isNull())
            {
                return Failure;
            }
            if (reader.imageCount() <= 0)
            {
                return Failure;
            }