mirrors
/
SDWebImage
mirror of https://github.com/SDWebImage/SDWebImage.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix that WebP with custom ICC Profile will randomly crash, because `CGColorSpaceCreateWithICCProfile` does not copy the ICC data pointer, previous code cause a use-after-free issue

This commit is contained in:
DreamPiggy 2019-02-16 15:48:23 +08:00
parent 16b780b3cc
commit c2a3e60955
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
SDWebImage/SDWebImageWebPCoder.m
View File

@ -342,7 +342,9 @@
WebPChunkIterator chunk_iter;
int result = WebPDemuxGetChunk(demuxer, "ICCP", 1, &chunk_iter);
if (result) {
NSData *profileData = [NSData dataWithBytesNoCopy:(void *)chunk_iter.chunk.bytes length:chunk_iter.chunk.size freeWhenDone:NO];
// See #2618, the `CGColorSpaceCreateWithICCProfile` does not copy ICC Profile data, it only retain the byte ptr.
// When the libwebp `WebPDemuxer` dealloc, all chunk will be freed. So we must copy the ICC data (really cheap, less than 10KB)
NSData *profileData = [NSData dataWithBytes:chunk_iter.chunk.bytes length:chunk_iter.chunk.size];
colorSpaceRef = CGColorSpaceCreateWithICCProfile((__bridge CFDataRef)profileData);
WebPDemuxReleaseChunkIterator(&chunk_iter);
}