diff options
| author | Pierre Ossman <ossman@cendio.se> | 2019-12-23 15:37:48 +0100 |
|---|---|---|
| committer | Pierre Ossman <ossman@cendio.se> | 2019-12-23 15:42:02 +0100 |
| commit | 4babdf33bd6441343ce33802d72ef69e74d6f69d (patch) | |
| tree | 521f59d6bfd03c7a079e649a0ddb74b65533b74a | |
| parent | b8d1a8bb57c0e1bff08ea5df2c62b9479ce49d02 (diff) | |
| download | novnc-4babdf33bd6441343ce33802d72ef69e74d6f69d.tar.gz | |
Validate decoded image dimensions
They are expected to be a certain size, so verify this so no server
tries to do something broken.
| -rw-r--r-- | core/decoders/tight.js | 2 | ||||
| -rw-r--r-- | core/decoders/tightpng.js | 2 | ||||
| -rw-r--r-- | core/display.js | 12 | ||||
| -rw-r--r-- | docs/API-internal.md | 2 |
4 files changed, 13 insertions, 5 deletions
diff --git a/core/decoders/tight.js b/core/decoders/tight.js index b1ee91a..7695d44 100644 --- a/core/decoders/tight.js +++ b/core/decoders/tight.js @@ -92,7 +92,7 @@ export default class TightDecoder { return false; } - display.imageRect(x, y, "image/jpeg", data); + display.imageRect(x, y, width, height, "image/jpeg", data); return true; } diff --git a/core/decoders/tightpng.js b/core/decoders/tightpng.js index fbdeac6..82f492d 100644 --- a/core/decoders/tightpng.js +++ b/core/decoders/tightpng.js @@ -16,7 +16,7 @@ export default class TightPNGDecoder extends TightDecoder { return false; } - display.imageRect(x, y, "image/png", data); + display.imageRect(x, y, width, height, "image/png", data); return true; } diff --git a/core/display.js b/core/display.js index 097684d..c895717 100644 --- a/core/display.js +++ b/core/display.js @@ -359,14 +359,16 @@ export default class Display { } } - imageRect(x, y, mime, arr) { + imageRect(x, y, width, height, mime, arr) { const img = new Image(); img.src = "data: " + mime + ";base64," + Base64.encode(arr); this._renderQ_push({ 'type': 'img', 'img': img, 'x': x, - 'y': y + 'y': y, + 'width': width, + 'height': height }); } @@ -616,6 +618,12 @@ export default class Display { break; case 'img': if (a.img.complete) { + if (a.img.width !== a.width || a.img.height !== a.height) { + Log.Error("Decoded image has incorrect dimensions. Got " + + a.img.width + "x" + a.img.height + ". Expected " + + a.width + "x" + a.height + "."); + return; + } this.drawImage(a.img, a.x, a.y); } else { a.img._noVNC_display = this; diff --git a/docs/API-internal.md b/docs/API-internal.md index f7346a9..f151942 100644 --- a/docs/API-internal.md +++ b/docs/API-internal.md @@ -103,7 +103,7 @@ None | flush | () | Resume processing the render queue unless it's empty | fillRect | (x, y, width, height, color, from_queue) | Draw a filled in rectangle | copyImage | (old_x, old_y, new_x, new_y, width, height, from_queue) | Copy a rectangular area -| imageRect | (x, y, mime, arr) | Draw a rectangle with an image +| imageRect | (x, y, width, height, mime, arr) | Draw a rectangle with an image | startTile | (x, y, width, height, color) | Begin updating a tile | subTile | (tile, x, y, w, h, color) | Update a sub-rectangle within the given tile | finishTile | () | Draw the current tile to the display |