golang / go

The Go programming language

Home Page: https://go.dev

x/image/bmp: hang on degenerate image

dvyukov opened this issue · comments

The following program takes 20 seconds to run. The image size is 0x538771456, so it passes the image size sanity check after DecodeConfig. But the bmp package actually reads in and decodes every row. Decode should either produce an error or instantly return a 0x0 image.

```go
package main

import (
    "bytes"
    "golang.org/x/image/bmp"
)

func main() {
    // BMP whose header declares width 0 and height 538771456.
    data := []byte("BM6\x03\x00\x00\x00\x00\x00\x006\x00\x00\x00(\x00\x00\x00\x00\x00" +
        "\x00\x00\x00\x00\x1d \x01\x00\x18\x00\x00\x00\x00\x00\x00\x00\x00\x1d V" +
        "a\x00lue>`\x0e\x00\x00n\t\x00\x00\x00\x00\x00\x00\x00\x00" +
        "\x00\x00")
    cfg, err := bmp.DecodeConfig(bytes.NewReader(data))
    if err != nil {
        return
    }
    // Size sanity check: 0*538771456 == 0, so the image passes.
    if cfg.Width*cfg.Height > 1e6 {
        return
    }
    // Decode still reads in and decodes every row.
    img, err := bmp.Decode(bytes.NewReader(data))
    if err != nil {
        return
    }
    var w bytes.Buffer
    bmp.Encode(&w, img)
}
```

on commit 4a3ed0c1249ebedab3c715c000034638f1cad002

CL https://golang.org/cl/9836 mentions this issue.
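
A caller-side guard for the case in this report, as an added example (not code from the issue, the CL or x/image): it reads width and height from the first 30 bytes of the reproducer and checks each dimension instead of only the product. The names `bmpDims` and `checkDims` and the assumption of a 40-byte-or-larger info header are the example's own.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// First 30 bytes of the reproducer in the report: file header plus the
// start of the info header (size, width, height, planes, bits per pixel).
var reproHeader = []byte("BM6\x03\x00\x00\x00\x00\x00\x006\x00\x00\x00(\x00\x00\x00\x00\x00" +
	"\x00\x00\x00\x00\x1d \x01\x00\x18\x00")

const maxPixels = 1e6 // same budget as the check in the report

// bmpDims returns the declared width and height. Assumption: the info
// header is at least 40 bytes, so both fields are 32-bit little-endian.
func bmpDims(b []byte) (w, h int64, err error) {
	if len(b) < 26 || b[0] != 'B' || b[1] != 'M' {
		return 0, 0, errors.New("not a BMP header")
	}
	if binary.LittleEndian.Uint32(b[14:18]) < 40 {
		return 0, 0, errors.New("unsupported info header size")
	}
	w = int64(int32(binary.LittleEndian.Uint32(b[18:22])))
	h = int64(int32(binary.LittleEndian.Uint32(b[22:26])))
	if h < 0 { // negative height means rows are stored top-down
		h = -h
	}
	return w, h, nil
}

// checkDims rejects what a bare width*height test lets through: a zero
// (or negative) dimension paired with a huge one, and oversized products.
func checkDims(w, h int64) error {
	if w <= 0 || h <= 0 {
		return fmt.Errorf("degenerate image %dx%d", w, h)
	}
	if w > maxPixels || h > maxPixels/w { // division avoids overflow
		return fmt.Errorf("image %dx%d exceeds pixel budget", w, h)
	}
	return nil
}

func main() {
	w, h, err := bmpDims(reproHeader)
	if err == nil {
		err = checkDims(w, h)
	}
	fmt.Println(w, h, err)
}
```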