Accueil Explorer Aide
S'inscrire Connexion
chenwenyi
/
SDWebImage
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

Merge pull request #3408 from dreampiggy/threadsafe_fix_imageio_incremental_animation

Fix the potential out of bounds crash for ImageIO incremental animation decoding (like GIF)
DreamPiggy il y a 3 ans
Parent
484bc774e1 364034d11a
commit
3c7c949637
5 fichiers modifiés avec 66 ajouts et 16 suppressions
Vue séparée Afficher les stats Diff
  1. 3 3
      .github/workflows/CI.yml
  2. 3 1
      SDWebImage/Core/SDImageCoderHelper.m
  3. 53 8
      SDWebImage/Core/SDImageIOAnimatedCoder.m
  4. 3 2
      SDWebImage/Core/SDWebImageDefine.m
  5. 4 2
      Tests/Tests/SDImageCacheTests.m

+ 3 - 3
.github/workflows/CI.yml
Voir le fichier 

@@ -126,19 +126,19 @@ jobs:
 
       - name: Test - ${{ matrix.iosDestination }}
 
         run: |
 
           set -o pipefail
 
-          xcodebuild test -workspace "${{ env.WORKSPACE_NAME }}" -scheme "Tests iOS" -destination "${{ matrix.iosDestination }}" -configuration Debug CODE_SIGNING_ALLOWED=NO | xcpretty -c
 
+          xcodebuild test -workspace "${{ env.WORKSPACE_NAME }}" -scheme "Tests iOS" -destination "${{ matrix.iosDestination }}" -configuration Debug CODE_SIGNING_ALLOWED=NO
 
           mv ~/Library/Developer/Xcode/DerivedData/ ./DerivedData/iOS
 
           
       - name: Test - ${{ matrix.macOSDestination }}
 
         run: |
 
           set -o pipefail
 
-          xcodebuild test -workspace "${{ env.WORKSPACE_NAME }}" -scheme "Tests Mac" -destination "${{ matrix.macOSDestination }}" -configuration Debug CODE_SIGNING_ALLOWED=NO | xcpretty -c
 
+          xcodebuild test -workspace "${{ env.WORKSPACE_NAME }}" -scheme "Tests Mac" -destination "${{ matrix.macOSDestination }}" -configuration Debug CODE_SIGNING_ALLOWED=NO
 
           mv ~/Library/Developer/Xcode/DerivedData/ ./DerivedData/macOS
 
     
       - name: Test - ${{ matrix.tvOSDestination }}
 
         run: |
 
           set -o pipefail
 
-          xcodebuild test -workspace "${{ env.WORKSPACE_NAME }}" -scheme "Tests TV" -destination "${{ matrix.tvOSDestination }}" -configuration Debug CODE_SIGNING_ALLOWED=NO | xcpretty -c
 
+          xcodebuild test -workspace "${{ env.WORKSPACE_NAME }}" -scheme "Tests TV" -destination "${{ matrix.tvOSDestination }}" -configuration Debug CODE_SIGNING_ALLOWED=NO
 
           mv ~/Library/Developer/Xcode/DerivedData/ ./DerivedData/tvOS
 
           
       - name: Code Coverage

+ 3 - 1
SDWebImage/Core/SDImageCoderHelper.m
Voir le fichier 

@@ -173,7 +173,7 @@ static const CGFloat kDestSeemOverlap = 2.0f;   // the numbers of pixels to over
 
         return nil;
 
     }
 
     
-    NSMutableArray<SDImageFrame *> *frames = [NSMutableArray array];
 
+    NSMutableArray<SDImageFrame *> *frames;
 
     NSUInteger frameCount = 0;
 
     
 #if SD_UIKIT || SD_WATCH
 
@@ -182,6 +182,7 @@ static const CGFloat kDestSeemOverlap = 2.0f;   // the numbers of pixels to over
 
     if (frameCount == 0) {
 
         return nil;
 
     }
 
+    frames = [NSMutableArray arrayWithCapacity:frameCount];
 
     
     NSTimeInterval avgDuration = animatedImage.duration / frameCount;
 
     if (avgDuration == 0) {
 
@@ -223,6 +224,7 @@ static const CGFloat kDestSeemOverlap = 2.0f;   // the numbers of pixels to over
 
     if (frameCount == 0) {
 
         return nil;
 
     }
 
+    frames = [NSMutableArray arrayWithCapacity:frameCount];
 
     CGFloat scale = animatedImage.scale;
 
     
     for (size_t i = 0; i < frameCount; i++) {

+ 53 - 8
SDWebImage/Core/SDImageIOAnimatedCoder.m
Voir le fichier 

@@ -13,6 +13,7 @@
 
 #import "SDImageCoderHelper.h"
 
 #import "SDAnimatedImageRep.h"
 
 #import "UIImage+ForceDecode.h"
 
+#import "SDInternalMacros.h"
 
 
 // Specify DPI for vector format in CGImageSource, like PDF
 
 static NSString * kSDCGImageSourceRasterizationDPI = @"kCGImageSourceRasterizationDPI";
 
@@ -32,6 +33,8 @@ static NSString * kSDCGImageDestinationRequestedFileSize = @"kCGImageDestination
 
 @implementation SDImageIOAnimatedCoder {
 
     size_t _width, _height;
 
     CGImageSourceRef _imageSource;
 
+    BOOL _incremental;
 
+    SD_LOCK_DECLARE(_lock); // Lock only apply for incremental animation decoding
 
     NSData *_imageData;
 
     CGFloat _scale;
 
     NSUInteger _loopCount;
 
@@ -328,7 +331,7 @@ static NSString * kSDCGImageDestinationRequestedFileSize = @"kCGImageDestination
 
     if (decodeFirstFrame || count <= 1) {
 
         animatedImage = [self.class createFrameAtIndex:0 source:source scale:scale preserveAspectRatio:preserveAspectRatio thumbnailSize:thumbnailSize forceDecode:NO options:nil];
 
     } else {
 
-        NSMutableArray<SDImageFrame *> *frames = [NSMutableArray array];
 
+        NSMutableArray<SDImageFrame *> *frames = [NSMutableArray arrayWithCapacity:count];
 
         
         for (size_t i = 0; i < count; i++) {
 
             UIImage *image = [self.class createFrameAtIndex:i source:source scale:scale preserveAspectRatio:preserveAspectRatio thumbnailSize:thumbnailSize forceDecode:NO options:nil];
 
@@ -364,6 +367,7 @@ static NSString * kSDCGImageDestinationRequestedFileSize = @"kCGImageDestination
 
     if (self) {
 
         NSString *imageUTType = self.class.imageUTType;
 
         _imageSource = CGImageSourceCreateIncremental((__bridge CFDictionaryRef)@{(__bridge NSString *)kCGImageSourceTypeIdentifierHint : imageUTType});
 
+        _incremental = YES;
 
         CGFloat scale = 1;
 
         NSNumber *scaleFactor = options[SDImageCoderDecodeScaleFactor];
 
         if (scaleFactor != nil) {
 
@@ -386,6 +390,7 @@ static NSString * kSDCGImageDestinationRequestedFileSize = @"kCGImageDestination
 
             preserveAspectRatio = preserveAspectRatioValue.boolValue;
 
         }
 
         _preserveAspectRatio = preserveAspectRatio;
 
+        SD_LOCK_INIT(_lock);
 
 #if SD_UIKIT
 
         [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(didReceiveMemoryWarning:) name:UIApplicationDidReceiveMemoryWarningNotification object:nil];
 
 #endif
 
@@ -394,6 +399,7 @@ static NSString * kSDCGImageDestinationRequestedFileSize = @"kCGImageDestination
 
 }
 
 
 - (void)updateIncrementalData:(NSData *)data finished:(BOOL)finished {
 
+    NSCParameterAssert(_incremental);
 
     if (_finished) {
 
         return;
 
     }
 
@@ -421,11 +427,14 @@ static NSString * kSDCGImageDestinationRequestedFileSize = @"kCGImageDestination
 
         }
 
     }
 
     
+    SD_LOCK(_lock);
 
     // For animated image progressive decoding because the frame count and duration may be changed.
 
     [self scanAndCheckFramesValidWithImageSource:_imageSource];
 
+    SD_UNLOCK(_lock);
 
 }
 
 
 - (UIImage *)incrementalDecodedImageWithOptions:(SDImageCoderOptions *)options {
 
+    NSCParameterAssert(_incremental);
 
     UIImage *image;
 
     
     if (_width + _height > 0) {
 
@@ -606,17 +615,21 @@ static NSString * kSDCGImageDestinationRequestedFileSize = @"kCGImageDestination
 
     }
 
     NSUInteger frameCount = CGImageSourceGetCount(imageSource);
 
     NSUInteger loopCount = [self.class imageLoopCountWithSource:imageSource];
 
-    NSMutableArray<SDImageIOCoderFrame *> *frames = [NSMutableArray array];
 
+    _loopCount = loopCount;
 
     
+    NSMutableArray<SDImageIOCoderFrame *> *frames = [NSMutableArray arrayWithCapacity:frameCount];
 
     for (size_t i = 0; i < frameCount; i++) {
 
         SDImageIOCoderFrame *frame = [[SDImageIOCoderFrame alloc] init];
 
         frame.index = i;
 
         frame.duration = [self.class frameDurationAtIndex:i source:imageSource];
 
         [frames addObject:frame];
 
     }
 
+    if (frames.count != frameCount) {
 
+        // frames not match, do not override current value
 
+        return NO;
 
+    }
 
     
     _frameCount = frameCount;
 
-    _loopCount = loopCount;
 
     _frames = [frames copy];
 
     
     return YES;
 
@@ -635,16 +648,48 @@ static NSString * kSDCGImageDestinationRequestedFileSize = @"kCGImageDestination
 
 }
 
 
 - (NSTimeInterval)animatedImageDurationAtIndex:(NSUInteger)index {
 
-    if (index >= _frameCount) {
 
-        return 0;
 
+    NSTimeInterval duration;
 
+    // Incremental Animation decoding may update frames when new bytes available
 
+    // Which should use lock to ensure frame count and frames match, ensure atomic logic
 
+    if (_incremental) {
 
+        SD_LOCK(_lock);
 
+        if (index >= _frames.count) {
 
+            SD_UNLOCK(_lock);
 
+            return 0;
 
+        }
 
+        duration = _frames[index].duration;
 
+        SD_UNLOCK(_lock);
 
+    } else {
 
+        if (index >= _frames.count) {
 
+            return 0;
 
+        }
 
+        duration = _frames[index].duration;
 
     }
 
-    return _frames[index].duration;
 
+    return duration;
 
 }
 
 
 - (UIImage *)animatedImageFrameAtIndex:(NSUInteger)index {
 
-    if (index >= _frameCount) {
 
-        return nil;
 
+    UIImage *image;
 
+    // Incremental Animation decoding may update frames when new bytes available
 
+    // Which should use lock to ensure frame count and frames match, ensure atomic logic
 
+    if (_incremental) {
 
+        SD_LOCK(_lock);
 
+        if (index >= _frames.count) {
 
+            SD_UNLOCK(_lock);
 
+            return nil;
 
+        }
 
+        image = [self safeAnimatedImageFrameAtIndex:index];
 
+        SD_UNLOCK(_lock);
 
+    } else {
 
+        if (index >= _frames.count) {
 
+            return nil;
 
+        }
 
+        image = [self safeAnimatedImageFrameAtIndex:index];
 
     }
 
+    return image;
 
+}
 
+
 
+- (UIImage *)safeAnimatedImageFrameAtIndex:(NSUInteger)index {
 
     NSDictionary *options;
 
     BOOL forceDecode = NO;
 
     if (@available(iOS 15, tvOS 15, *)) {

+ 3 - 2
SDWebImage/Core/SDWebImageDefine.m
Voir le fichier 

@@ -85,9 +85,10 @@ inline UIImage * _Nullable SDScaledImageForScaleFactor(CGFloat scale, UIImage *
 
         UIImage *animatedImage;
 
 #if SD_UIKIT || SD_WATCH
 
         // `UIAnimatedImage` images share the same size and scale.
 
-        NSMutableArray<UIImage *> *scaledImages = [NSMutableArray array];
 
+        NSArray<UIImage *> *images = image.images;
 
+        NSMutableArray<UIImage *> *scaledImages = [NSMutableArray arrayWithCapacity:images.count];
 
         
-        for (UIImage *tempImage in image.images) {
 
+        for (UIImage *tempImage in images) {
 
             UIImage *tempScaledImage = [[UIImage alloc] initWithCGImage:tempImage.CGImage scale:scale orientation:tempImage.imageOrientation];
 
             [scaledImages addObject:tempScaledImage];
 
         }

+ 4 - 2
Tests/Tests/SDImageCacheTests.m
Voir le fichier 

@@ -217,9 +217,11 @@ static NSString *kTestImageKeyPNG = @"TestImageKey.png";
 
     __block BOOL callced = NO;
 
     SDImageCacheToken *token = [SDImageCache.sharedImageCache queryCacheOperationForKey:key done:^(UIImage * _Nullable image, NSData * _Nullable data, SDImageCacheType cacheType) {
 
         callced = true;
 
-        [expectation fulfill]; // callback once fulfill once
 
+        dispatch_after(dispatch_time(DISPATCH_TIME_NOW, 0), dispatch_get_main_queue(), ^{
 
+            [expectation fulfill]; // callback once fulfill once
 
+        });
 
     }];
 
-    dispatch_after(dispatch_time(DISPATCH_TIME_NOW, (int64_t)(1 * NSEC_PER_SEC)), dispatch_get_main_queue(), ^{
 
+    dispatch_after(dispatch_time(DISPATCH_TIME_NOW, 0), dispatch_get_main_queue(), ^{
 
         expect(callced).beFalsy();
 
         [token cancel]; // sync
 
         expect(callced).beTruthy();