Let's just say no to shenanigans by capping images at 16384 pixels both
wide and tall. If a day comes in the future where we need to handle
images larger than this, we can deal with it then.
It was possible to go outside the interlacing row strid/offset arrays.
Just fail the decode if this is about to happen. I've added a FIXME
about rejecting such images earlier, since it's a bit sad to only do
this once we realize the pass index is about to overflow.
Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28239
If we try to read a sentinel byte but the stream is fresh out of data,
we have to take care of the stream error and bail out right away, or
we'll hit an assertion when exiting the function soon after.
Fixes#3486.
GIFLoader now tracks the state of errors during the decoding process
and will fall back to displaying the first frame of the GIF if any of
the subsequent frames fail to decode.
GIFLoader now uses a single frame buffer to cache the last decoded
frame. This drastically reduces memory usage at the small expense of
re-decoding frames on each loop.
RestoreBackground disposal mode is now a transparent fill to allow
background to show through.
RestorePrevious disposal mode now restores the previous frame.
This fixes an issue where transparent pixels in GIF animation frames
have their alpha values incorrectly set to zero, allowing the
background behind the GIF to show through, instead of the previous
animation frame.
Additionally, transparent pixels are now correctly identified based on
their index matching the image transparency index, instead of their
color values.
This function did a const_cast internally which made the call side look
"safe". This method is removed completely and call sites are replaced
with ByteBuffer::wrap(const_cast<void*>(data), size) which makes the
behaviour obvious.
And move canonicalized_path() to a static method on LexicalPath.
This is to make it clear that FileSystemPath/canonicalized_path() only
perform *lexical* canonicalization.
Various optimisations to speed up LZWDecoder
- Take advantage of the fact that we add new codes in the order they are
discovered so no need to store the code as part of a separate
CodeTableEntry structure. Instead we store directly store vectors of
colors and the code is the index into the vector.
- Cache current table capacity to avoid calling pow2 every time.
- Prevent some unnecessary vector copies by returning by reference from
get_output.
Adds methods to determine whether an image is animated, how many times
the animation loops, the number of frames, and to get individual frames.
Implements stubs of these methods for PNGImageDecoderPlugin and
GIFImageDecoderPlugin.
The LZW decode step will now copy and pad LZW data out to 4 bytes if there are
less than 4 bytes remaining in the buffer. This means it will now also work when
the total size of the LZW image data is less than 4 bytes.
The sniff method is intended to be used for content sniffing. It should be a
cheap test to rapidly rule out whether a candidate image can be successfully
decoded. For the GIF and PNG implementations it simply attempts to decode the
image header, returning true if successful and false if not.
Also:
- Define the GIFLoadingContext structure.
- The load_gif_impl function now returns load operation success, and takes a
reference to a GIFLoadingContext as input.
- Implement GIFImageDecoderPlugin::bitmap which calls onto load_gif_impl.
