From fc22c66103603cb7aafb6326224017384991f4d7 Mon Sep 17 00:00:00 2001 From: Maximilian Seidler Date: Wed, 9 Jul 2025 10:55:54 +0200 Subject: [PATCH] formats: check magic bytes for jpeg and webp --- src/image/Image.cpp | 2 +- src/image/formats/Jpeg.cpp | 3 +++ src/image/formats/Webp.cpp | 3 +++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/src/image/Image.cpp b/src/image/Image.cpp index 893fc0b..43600fb 100644 --- a/src/image/Image.cpp +++ b/src/image/Image.cpp @@ -74,7 +74,7 @@ Hyprgraphics::CImage::CImage(const std::string& path) : filepath(path) { if (first_word == "PNG") { CAIROSURFACE = PNG::createSurfaceFromPNG(path); mime = "image/png"; - } else if (first_word == "JPEG" && !type_str.contains("XL") && !type_str.contains("2000") { + } else if (first_word == "JPEG" && !type_str.contains("XL") && !type_str.contains("2000")) { CAIROSURFACE = JPEG::createSurfaceFromJPEG(path); imageHasAlpha = false; mime = "image/jpeg"; diff --git a/src/image/formats/Jpeg.cpp b/src/image/formats/Jpeg.cpp index 32e7d52..6958c6f 100644 --- a/src/image/formats/Jpeg.cpp +++ b/src/image/formats/Jpeg.cpp @@ -19,6 +19,9 @@ std::expected JPEG::createSurfaceFromJPEG(const s file.seekg(0); file.read(reinterpret_cast(bytes.data()), bytes.size()); + if (bytes[0] != 0xFF || bytes[1] != 0xD8) + return std::unexpected("loading jpeg: invalid magic bytes"); + // now the JPEG is in the memory jpeg_decompress_struct decompressStruct = {}; diff --git a/src/image/formats/Webp.cpp b/src/image/formats/Webp.cpp index b18df75..e8e946c 100644 --- a/src/image/formats/Webp.cpp +++ b/src/image/formats/Webp.cpp @@ -17,6 +17,9 @@ std::expected WEBP::createSurfaceFromWEBP(const s file.seekg(0); file.read(reinterpret_cast(bytes.data()), bytes.size()); + if (bytes[0] != 'R' || bytes[1] != 'I' || bytes[2] != 'F' || bytes[3] != 'F') + return std::unexpected("loading webp: invalid magic bytes"); + // now the WebP is in the memory WebPDecoderConfig config;