From 1f2f01370b6a7ea472124bedddc35236dd17b6d8 Mon Sep 17 00:00:00 2001 From: Jeremy Kescher Date: Fri, 11 Nov 2022 21:24:58 +0100 Subject: [PATCH] blurhash_transcoder: prevent out-of-bound reads with <8bpp images Backport from vanilla: 36bc90e8aaf89b5cf64636b404611ff1809ad6f0 The Blurhash library used by Mastodon requires an input encoded as 24 bits raw RGB data. The conversion to raw RGB using Imagemagick did not previously specify the desired bit depth. In some situations, this leads Imagemagick to output in a pixel format using less bpp than expected. This then manifested as segfaults of the Sidekiq process due to out-of-bounds read, or potentially a (highly noisy) memory infoleak. --- lib/paperclip/blurhash_transcoder.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/paperclip/blurhash_transcoder.rb b/lib/paperclip/blurhash_transcoder.rb index 1c3a6df025..c22c20c57a 100644 --- a/lib/paperclip/blurhash_transcoder.rb +++ b/lib/paperclip/blurhash_transcoder.rb @@ -5,7 +5,7 @@ module Paperclip def make return @file unless options[:style] == :small || options[:blurhash] - pixels = convert(':source RGB:-', source: File.expand_path(@file.path)).unpack('C*') + pixels = convert(':source -depth 8 RGB:-', source: File.expand_path(@file.path)).unpack('C*') geometry = options.fetch(:file_geometry_parser).from_file(@file) attachment.instance.blurhash = Blurhash.encode(geometry.width, geometry.height, pixels, **(options[:blurhash] || {}))