It reminds us of the old trick Steganography, where secret data was stashed inside an image. wrote a little tool on GitHub to pack two images into one PNG. Here’s the PNG being decoded every frame: Additionally, found a race condition in desktop safari that results in a slightly different image decoded every time. Since there are now two possible interpretations of a given PNG, you can craft a PNG so that when decoded serially, it shows one image, and when decoded in parallel, it shows another. Since the DEFLATE method uses a window, concating two sections together can produce different results. It is possible for decompress(a+b) != decompress(a) + decompress(b) if a ends halfway through a non-compressed block. Apple uses a similar trick with its iDOT chunks. These sections let the decoder know that a given IDAT chunk can safely be deserialized concurrently into x pieces. added special sections called pLLD sections (the lowercase first letter means that it can be safely ignored by decoders that don’t support it). Given that DEFLATE is inherently serial, it’s tricky to format the data apropriately. If you’re interested, there’s a convenient poster about the format from a great resource we covered a while back. Compression is via the DEFLATE method used in zlib, which is inherently serial. The essential sections are IHDR (the header), IDAT (actual image data), PLTE (the palette information), and IEND (the last chunk in the file). Each chunk is prepended by a four-letter identifier, with a few chunks being critical chunks. After a header, the rest of the file is entirely chunks. PNG (Portable Network Graphics) is an image format just like JPEG, WEBP, or TIFF designed to replace GIFs. For example, found a bug in his multi-threaded PNG decoder and realized that the Apple PNG decoder had the same bug. There are many ways to find these bugs, but one way we don’t hear about very often is finding a bug in your own code, only to realize someone else made the same mistake. Hidden, arbitrary conditions that cause unintended outputs and behaviors. There are millions of tiny bugs all around us, in everything from our desktop applications to the appliances in the kitchen.
0 kommentar(er)
