mirrors/catstodon
1
0
Fork 0
mirror of https://git.kescher.at/CatCatNya/catstodon.git synced 2024-11-22 11:48:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

blurhash_transcoder: prevent out-of-bound reads with <8bpp images

Browse source 
Backport from vanilla: 36bc90e8aa

The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.
This commit is contained in:
Jeremy Kescher 2022-11-11 21:24:58 +01:00
parent 0caa35c1f9
commit 1f2f01370b
No known key found for this signature in database
GPG key ID: 48DFE4BB15BA5940
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/paperclip/blurhash_transcoder.rb
View file

@ -5,7 +5,7 @@ module Paperclip
def make
return @file unless options[:style] == :small || options[:blurhash]
pixels = convert(':source RGB:-', source: File.expand_path(@file.path)).unpack('C*')
pixels = convert(':source -depth 8 RGB:-', source: File.expand_path(@file.path)).unpack('C*')
geometry = options.fetch(:file_geometry_parser).from_file(@file)
attachment.instance.blurhash = Blurhash.encode(geometry.width, geometry.height, pixels, **(options[:blurhash] || {}))