Branch: refs/heads/webkitglib/2.50
Home: https://github.com/WebKit/WebKit
Commit: 4ea251c1b0223dcf7ae6400ca4544355b6c3195e
https://github.com/WebKit/WebKit/commit/4ea251c1b0223dcf7ae6400ca4544355b6c3195e
Author: Adrian Perez de Castro <[email protected]>
Date: 2025-11-22 (Sat, 22 Nov 2025)
Changed paths:
M Source/WebCore/platform/image-decoders/png/PNGImageDecoder.cpp
M Source/WebCore/platform/image-decoders/png/PNGImageDecoder.h
Log Message:
-----------
Cherry-pick 303448@main (7837212f52f3).
https://bugs.webkit.org/show_bug.cgi?id=302941
Limit the amount of data that PNGImageDecoder may decode
https://bugs.webkit.org/show_bug.cgi?id=302941
Reviewed by Patrick Griffis.
Keep a running count of the amount of pixels decoded, update it on every
frame decoded for an image, and bail out if it would grow large enough
to potentially cause memory exhaustion. While at it, limit the maximum
amount of frames that an APNG file may have, and define it to be large
enough to cover ~70 minutes of animation at 60fps.
* Source/WebCore/platform/image-decoders/png/PNGImageDecoder.cpp:
(WebCore::PNGImageDecoder::headerAvailable):
(WebCore::PNGImageDecoder::readChunks):
* Source/WebCore/platform/image-decoders/png/PNGImageDecoder.h:
Canonical link: https://commits.webkit.org/303448@main
Canonical link: https://commits.webkit.org/298234.300@webkitglib/2.50
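
The technique the log message describes (a running pixel count across frames plus a cap on APNG frame count), as an added example that is not WebKit's code. The names `checkBudget` and `sample`, the pixel budget, and the exact frame cap are assumptions; the page gives no values beyond "~70 minutes at 60fps".

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
// Assumed limits for illustration; the page does not give WebKit's values.
constexpr uint64_t kMaxDecodedPixels = 1ull << 28;  // hypothetical budget
constexpr uint32_t kMaxFrames = 70 * 60 * 60;       // 70 min at 60 fps
enum class Verdict { Ok, Malformed, TooManyFrames, PixelBudgetExceeded };
static uint32_t be32(const Bytes& d, size_t o) {
    return uint32_t(d[o]) << 24 | uint32_t(d[o + 1]) << 16 | uint32_t(d[o + 2]) << 8 | d[o + 3];
}
// Walks chunk headers only (CRCs are not verified), charging each frame to a running budget.
Verdict checkBudget(const Bytes& d) {
    uint64_t total = 0; uint32_t frames = 0;
    for (size_t pos = 8; pos + 12 <= d.size();) {   // 8 = PNG signature
        uint32_t len = be32(d, pos);
        std::string type(d.begin() + pos + 4, d.begin() + pos + 8);
        size_t body = pos + 8;
        if (len > d.size() - body - 4) return Verdict::Malformed;
        uint64_t px = 0;
        if (type == "IHDR" && len >= 8) px = uint64_t(be32(d, body)) * be32(d, body + 4);
        if (type == "fcTL" && len >= 12) {          // sequence, width, height, ...
            if (++frames > kMaxFrames) return Verdict::TooManyFrames;  // counted, not trusted
            px = uint64_t(be32(d, body + 4)) * be32(d, body + 8);
        }
        if (type == "acTL" && len >= 4 && be32(d, body) > kMaxFrames) return Verdict::TooManyFrames;
        if (px > kMaxDecodedPixels - total) return Verdict::PixelBudgetExceeded;  // cannot wrap
        total += px;
        if (type == "IEND") return Verdict::Ok;
        pos = body + len + 4;
    }
    return Verdict::Malformed;                      // truncated or missing IEND
}
// Constructed sample: IHDR, acTL, `frames` fcTL chunks of w x h, IEND.
// Chunk bodies are shortened to the fields the checker reads.
Bytes sample(uint32_t declared, uint32_t frames, uint32_t w, uint32_t h) {
    Bytes out(8, 0);
    auto chunk = [&](const char* t, std::vector<uint32_t> words) {
        auto put = [&](uint32_t v) { for (int s = 24; s >= 0; s -= 8) out.push_back(uint8_t(v >> s)); };
        put(uint32_t(words.size() * 4)); out.insert(out.end(), t, t + 4);
        for (uint32_t v : words) put(v);
        put(0);                                     // placeholder CRC
    };
    chunk("IHDR", {w, h}); chunk("acTL", {declared, 0});
    for (uint32_t i = 0; i < frames; ++i) chunk("fcTL", {i, w, h});
    chunk("IEND", {});
    return out;
}
```

The IHDR canvas is charged once in addition to each `fcTL` frame, which is conservative when the default image is also frame 0.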