commit | 9e190ae4a3c5edc736fd99ba38be1c9d08ea5320 | [log] [tgz] |
---|---|---|
author | Roland Shoemaker <roland@golang.org> | Tue Dec 19 17:53:58 2023 |
committer | Gopher Robot <gobot@golang.org> | Tue Dec 19 18:03:06 2023 |
tree | 17625d3a21c13ef90ebc9ca45ba3b3d6f4b4a5cf | |
parent | 445ab0e75e6df9b6a4d3d5437bda2a7cac74eb72 [diff] |
webp: disallow multiple VP8X chunks Per the spec, there should only be one. A malformed image containing multiple VP8X chunks can cause unexpected memory usage, since DecodeConfig will only parse the first chunk, which contains the canvas size, but a subsequent chunk can indicate a significantly larger canvas, which we will then try to allocate a buffer for. Change-Id: I240ae76162f4293f6e6991020d18d4d3270cb9b6 Reviewed-on: https://go-review.googlesource.com/c/image/+/551416 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Roland Shoemaker <roland@golang.org>
This repository holds supplementary Go image libraries.
The easiest way to install is to run go get -u golang.org/x/image/...
. You can also manually git clone the repository to $GOPATH/src/golang.org/x/image
.
This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.
The main issue tracker for the image repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/image:” in the subject line, so it is easy to find.