Validate image bounds before decoding (#11)

This PR adds metadata validation before full image decode in the img and dir commands.

Author: piy4l

src/PrivatePdfConverter/Commands/DirToPdf.cs

@@ -23,7 +23,16 @@ public static void ConvertDirectoryToOnePdf(string path, string? output)
         }
 
         using var images = new MagickImageCollection();
-        supportedFiles.ForEach(x => images.Add(new MagickImage(x)));
+        foreach (var file in supportedFiles)
+        {
+            var image = FileService.LoadValidatedImage(file);
+            if (image is null)
+            {
+                return;
+            }
+
+            images.Add(image);
+        }
 
         SaveAsPdf(path, images, output);
     }

src/PrivatePdfConverter/Commands/ImgToPdf.cs

@@ -23,8 +23,13 @@ public static void ConvertImageToOnePdf(string path, string? output)
         Log.Logger.Information("Read 1 file with name: {FileName}, Full path: '{Path}'", Path.GetFileName(path), path);
 
         using var images = new MagickImageCollection();
-        images.Add(new MagickImage(path));
+        var image = FileService.LoadValidatedImage(path);
+        if (image is null)
+        {
+            return;
+        }
 
+        images.Add(image);
         SaveAsPdf(path, images, output);
     }
 

src/PrivatePdfConverter/Services/FileService.cs

@@ -1,9 +1,16 @@
+using ImageMagick;
 using Serilog;
 
 namespace PrivatePdfConverter.Services;
 
 public static class FileService
 {
+    // Conservative defaults chosen to allow typical high-resolution images
+    // while rejecting obviously pathological dimensions before full decode.
+    private const ulong MaxWidth = 10_000;
+    private const ulong MaxHeight = 10_000;
+    private const ulong MaxArea = 100_000_000;
+
     public static IEnumerable<string> ValidExtensions { get; } =
     [
         "jpg", "jpeg", "bmp", "gif", "png", "tif", "tiff", "webp"
@@ -12,6 +19,35 @@ public static class FileService
     public static bool IsImage(this string? extension)
         => !string.IsNullOrEmpty(extension) && ValidExtensions.Contains(extension.ToLower()[1..]);
 
+    public static MagickImage? LoadValidatedImage(string path)
+    {
+        using var headerImage = new MagickImage();
+        headerImage.Ping(path);
+
+        var width = headerImage.Width;
+        var height = headerImage.Height;
+        var area = (ulong)width * height;
+
+        if (width == 0 || height == 0)
+        {
+            Log.Logger.Error("Image '{Path}' has invalid dimensions {Width}x{Height}.", path, width, height);
+            return null;
+        }
+
+        if (width > MaxWidth || height > MaxHeight || area > MaxArea)
+        {
+            Log.Logger.Error(
+                "Image '{Path}' exceeds the supported limits ({Width}x{Height}, area {Area}).",
+                path,
+                width,
+                height,
+                area);
+            return null;
+        }
+
+        return new MagickImage(path);
+    }
+
     public static IEnumerable<string> LoadFilePathsFromDirectory(this string path, string searchPattern = "*")
     {
         var files = Directory.GetFiles(path, searchPattern).ToList();