blurhash_transcoder: prevent out-of-bound reads with <8bpp images (#20388)

The Blurhash library used by Mastodon requires an input encoded as 24 bits raw RGB data. The conversion to raw RGB using Imagemagick did not previously specify the desired bit depth. In some situations, this leads Imagemagick to output in a pixel format using less bpp than expected. This then manifested as segfaults of the Sidekiq process due to out-of-bounds read, or potentially a (highly noisy) memory infoleak. Fixes #19235.
author: Pierre Bourdon <delroth@gmail.com> 2022-11-11 07:45:16 +0100
committer: GitHub <noreply@github.com> 2022-11-11 07:45:16 +0100
commit: 36bc90e8aaf89b5cf64636b404611ff1809ad6f0 (patch)
tree: 470fd2cf5e645cee01ad821a791d8f1a066feb6c /lib/paperclip
parent: 73fecc3358bc22a1a83772c62593161267369a1e (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/paperclip/blurhash_transcoder.rb b/lib/paperclip/blurhash_transcoder.rb
index 1c3a6df02..c22c20c57 100644
--- a/lib/paperclip/blurhash_transcoder.rb
+++ b/lib/paperclip/blurhash_transcoder.rb
@@ -5,7 +5,7 @@ module Paperclip
     def make
       return @file unless options[:style] == :small || options[:blurhash]
 
-      pixels   = convert(':source RGB:-', source: File.expand_path(@file.path)).unpack('C*')
+      pixels   = convert(':source -depth 8 RGB:-', source: File.expand_path(@file.path)).unpack('C*')
       geometry = options.fetch(:file_geometry_parser).from_file(@file)
 
       attachment.instance.blurhash = Blurhash.encode(geometry.width, geometry.height, pixels, **(options[:blurhash] || {}))
author	Pierre Bourdon <delroth@gmail.com>	2022-11-11 07:45:16 +0100
committer	GitHub <noreply@github.com>	2022-11-11 07:45:16 +0100
commit	36bc90e8aaf89b5cf64636b404611ff1809ad6f0 (patch)
tree	470fd2cf5e645cee01ad821a791d8f1a066feb6c /lib/paperclip
parent	73fecc3358bc22a1a83772c62593161267369a1e (diff)