about summary refs log tree commit diff
path: root/lib/paperclip
diff options
context:
space:
mode:
authorPierre Bourdon <delroth@gmail.com>2022-11-11 07:45:16 +0100
committerGitHub <noreply@github.com>2022-11-11 07:45:16 +0100
commit36bc90e8aaf89b5cf64636b404611ff1809ad6f0 (patch)
tree470fd2cf5e645cee01ad821a791d8f1a066feb6c /lib/paperclip
parent73fecc3358bc22a1a83772c62593161267369a1e (diff)
blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388)
The Blurhash library used by Mastodon requires an input encoded as 24
bits raw RGB data. The conversion to raw RGB using Imagemagick did not
previously specify the desired bit depth. In some situations, this leads
Imagemagick to output in a pixel format using less bpp than expected.
This then manifested as segfaults of the Sidekiq process due to
out-of-bounds read, or potentially a (highly noisy) memory infoleak.

Fixes #19235.
Diffstat (limited to 'lib/paperclip')
-rw-r--r--lib/paperclip/blurhash_transcoder.rb2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/paperclip/blurhash_transcoder.rb b/lib/paperclip/blurhash_transcoder.rb
index 1c3a6df02..c22c20c57 100644
--- a/lib/paperclip/blurhash_transcoder.rb
+++ b/lib/paperclip/blurhash_transcoder.rb
@@ -5,7 +5,7 @@ module Paperclip
     def make
       return @file unless options[:style] == :small || options[:blurhash]
 
-      pixels   = convert(':source RGB:-', source: File.expand_path(@file.path)).unpack('C*')
+      pixels   = convert(':source -depth 8 RGB:-', source: File.expand_path(@file.path)).unpack('C*')
       geometry = options.fetch(:file_geometry_parser).from_file(@file)
 
       attachment.instance.blurhash = Blurhash.encode(geometry.width, geometry.height, pixels, **(options[:blurhash] || {}))