diff --git a/td/telegram/ThemeManager.cpp b/td/telegram/ThemeManager.cpp index 62ddb7a33..07ec13a69 100644 --- a/td/telegram/ThemeManager.cpp +++ b/td/telegram/ThemeManager.cpp @@ -26,6 +26,18 @@ namespace td { +static bool are_colors_valid(const vector &colors, size_t min_size, size_t max_size) { + if (min_size > colors.size() || colors.size() > max_size) { + return false; + } + for (auto &color : colors) { + if (color < 0 || color > 0xFFFFFF) { + return false; + } + } + return true; +} + class GetChatThemesQuery final : public Td::ResultHandler { Promise> promise_; @@ -637,6 +649,8 @@ td_api::object_ptr ThemeManager::AccentColors::get_u auto light_colors = it.second; auto dark_it = dark_colors_.find(it.first); auto dark_colors = dark_it != dark_colors_.end() ? dark_it->second : light_colors; + CHECK(!light_colors.empty()); + CHECK(!dark_colors.empty()); auto first_color = light_colors[0]; int best_index = 0; int32 best_distance = get_distance(base_colors[0], first_color); @@ -659,6 +673,11 @@ td_api::object_ptr ThemeManager::get_update_p return profile_accent_colors_.get_update_profile_accent_colors_object(); } +bool ThemeManager::ProfileAccentColor::is_valid() const { + return are_colors_valid(palette_colors_, 1, 2) && are_colors_valid(background_colors_, 1, 2) && + are_colors_valid(story_colors_, 2, 2); +} + td_api::object_ptr ThemeManager::ProfileAccentColor::get_profile_accent_colors_object() const { return td_api::make_object( @@ -822,16 +841,35 @@ void ThemeManager::on_get_accent_colors(Resulthidden_) { - accent_color_ids.push_back(accent_color_id); - } + bool is_valid = true; + vector current_light_colors; + vector current_dark_colors; if (option->colors_ != nullptr) { auto colors = telegram_api::move_object_as(option->colors_); - light_colors[accent_color_id] = std::move(colors->colors_); + current_light_colors = std::move(colors->colors_); + if (!are_colors_valid(current_light_colors, 1, 3)) { + is_valid = false; + } } if (option->dark_colors_ != nullptr) { auto colors = telegram_api::move_object_as(option->dark_colors_); - dark_colors[accent_color_id] = std::move(colors->colors_); + current_dark_colors = std::move(colors->colors_); + if (!are_colors_valid(current_dark_colors, 1, 3)) { + is_valid = false; + } + } + if (!is_valid) { + LOG(ERROR) << "Receive invalid colors for " << accent_color_id; + continue; + } + if (!option->hidden_) { + accent_color_ids.push_back(accent_color_id); + } + if (!current_light_colors.empty()) { + light_colors[accent_color_id] = std::move(current_light_colors); + } + if (!current_dark_colors.empty()) { + dark_colors[accent_color_id] = std::move(current_dark_colors); } } @@ -892,11 +930,17 @@ void ThemeManager::on_get_profile_accent_colors( LOG(ERROR) << "Receive " << to_string(option); continue; } + auto current_light_color = get_profile_accent_color(std::move(option->colors_)); + auto current_dark_color = get_profile_accent_color(std::move(option->dark_colors_)); + if (!current_light_color.is_valid() || !current_dark_color.is_valid()) { + LOG(ERROR) << "Receive invalid colors for " << accent_color_id; + continue; + } if (!option->hidden_) { accent_color_ids.push_back(accent_color_id); } - light_colors[accent_color_id] = get_profile_accent_color(std::move(option->colors_)); - dark_colors[accent_color_id] = get_profile_accent_color(std::move(option->dark_colors_)); + light_colors[accent_color_id] = std::move(current_light_color); + dark_colors[accent_color_id] = std::move(current_dark_color); } bool is_changed = false; diff --git a/td/telegram/ThemeManager.h b/td/telegram/ThemeManager.h index 8e50c68a5..d9b09af98 100644 --- a/td/telegram/ThemeManager.h +++ b/td/telegram/ThemeManager.h @@ -113,6 +113,8 @@ class ThemeManager final : public Actor { vector background_colors_; vector story_colors_; + bool is_valid() const; + td_api::object_ptr get_profile_accent_colors_object() const; template