Fix that WebP with custom ICC Profile will randomly crash, because `CGColorSpaceCreateWithICCProfile` does not copy the ICC data pointer, previous code cause a use-after-free issue

This commit is contained in:
DreamPiggy 2019-02-16 16:06:24 +08:00
parent b4b3504274
commit 92cb639713
1 changed files with 3 additions and 1 deletions

View File

@ -429,7 +429,9 @@
WebPChunkIterator chunk_iter; WebPChunkIterator chunk_iter;
int result = WebPDemuxGetChunk(demuxer, "ICCP", 1, &chunk_iter); int result = WebPDemuxGetChunk(demuxer, "ICCP", 1, &chunk_iter);
if (result) { if (result) {
NSData *profileData = [NSData dataWithBytesNoCopy:(void *)chunk_iter.chunk.bytes length:chunk_iter.chunk.size freeWhenDone:NO]; // See #2618, the `CGColorSpaceCreateWithICCProfile` does not copy ICC Profile data, it only retain the byte ptr.
// When the libwebp `WebPDemuxer` dealloc, all chunk will be freed. So we must copy the ICC data (really cheap, less than 10KB)
NSData *profileData = [NSData dataWithBytes:chunk_iter.chunk.bytes length:chunk_iter.chunk.size];
colorSpaceRef = CGColorSpaceCreateWithICCProfile((__bridge CFDataRef)profileData); colorSpaceRef = CGColorSpaceCreateWithICCProfile((__bridge CFDataRef)profileData);
WebPDemuxReleaseChunkIterator(&chunk_iter); WebPDemuxReleaseChunkIterator(&chunk_iter);
} }