From 7c966b69d5b06ea7c1bf418175db782d0e91e92d Mon Sep 17 00:00:00 2001
From: wn_ <invalid@email.com>
Date: Mon, 22 Feb 2021 18:03:36 +0000
Subject: [PATCH] Check whether data is parsable by 'imagecreatefromstring' in
 jimIcon.

---
 lib/jimIcon.php | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/lib/jimIcon.php b/lib/jimIcon.php
index f8e533f90..eaa768272 100644
--- a/lib/jimIcon.php
+++ b/lib/jimIcon.php
@@ -104,11 +104,11 @@ class jimIcon {
                 }
 
                 // See if we can parse it (might be PNG format here)
-                $i = @imagecreatefromstring($data);
-
-                if ($i) {
-                        imagesavealpha($i, true);
-                        return $i;
+                if (self::has_parsable_image_type($data)) {
+                        if ($i = @imagecreatefromstring($data)) {
+                                imagesavealpha($i, true);
+                                return $i;
+                        }
                 }
 
                 // Must be a BMP.  Parse it ourselves.
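Review bot: The new guard calls `self::has_parsable_image_type($data)` statically, but the helper added at the end of the class is declared `private function` without `static`. That works only while the enclosing method runs with an instance; the method starts outside this hunk, so if it is static, PHP 8 raises an Error here and the `imagecreatefromstring()` path is never reached. Declaring the helper as `private static function has_parsable_image_type($image_data)` makes the call valid in both cases, since the helper does not use `$this`.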
@@ -267,5 +267,12 @@ class jimIcon {
                 }
                 return $img;
         }
+
+        // Checks whether the data is a type parsable by imagecreatefromstring()
+        private function has_parsable_image_type($image_data) {
+                $size = getimagesizefromstring($image_data);
+                return $size && in_array($size[2],
+                        [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF, IMAGETYPE_BMP, IMAGETYPE_WBMP, IMAGETYPE_WEBP]);
+        }
 }
 ?>
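Review bot: has_parsable_image_type() checks only the type reported from the header, so the declared width and height in `$size[0]` and `$size[1]` are never bounded before `imagecreatefromstring()` allocates the bitmap. If the icon data can come from an untrusted source, a small file that declares very large dimensions still reaches the decoder; a cap in the helper would stop that, e.g. `if (!$size || $size[0] * $size[1] > $max_pixels) return false;`, where `$max_pixels` is a placeholder for a limit the project chooses. The type lookup should also be strict, `in_array($size[2], [...], true)`. Header sniffing does not prove the body is well formed, so the `@imagecreatefromstring()` failure path in the caller is still needed.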
-- 
GitLab