[gdk-pixbuf] jpeg: Prevent crashes when stopping loading files with errors
- From: Bastien Nocera <hadess src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gdk-pixbuf] jpeg: Prevent crashes when stopping loading files with errors
- Date: Tue, 5 Dec 2017 10:40:16 +0000 (UTC)
commit 28ff9129141825e50ef9dc7b1eec64b82908cdda
Author: Bastien Nocera <hadess hadess net>
Date: Tue Dec 5 11:36:02 2017 +0100
jpeg: Prevent crashes when stopping loading files with errors
This time, we want to make sure to avoid accessing JPEG internals when
an error has already been set, in which case the file is irrecoverable.
Reproducer in pixbuf-randomly-modified, with file valid.2.jpeg and
seed R02S3d1f92e3076dbe16d2840cc408188f81
gdk-pixbuf/io-jpeg.c | 31 +++++++++++++++++--------------
1 files changed, 17 insertions(+), 14 deletions(-)
---
diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
index 6d9169f..e399722 100644
--- a/gdk-pixbuf/io-jpeg.c
+++ b/gdk-pixbuf/io-jpeg.c
@@ -850,20 +850,23 @@ gdk_pixbuf__jpeg_image_stop_load (gpointer data, GError **error)
cinfo = &context->cinfo;
- /* Try to finish loading truncated files */
- if (context->pixbuf &&
- cinfo->output_scanline < cinfo->output_height) {
- my_src_ptr src = (my_src_ptr) cinfo->src;
-
- /* But only if there's enough buffer space left */
- if (src->skip_next < sizeof(src->buffer) - 2) {
- /* Insert a fake EOI marker */
- src->buffer[src->skip_next] = (JOCTET) 0xFF;
- src->buffer[src->skip_next + 1] = (JOCTET) JPEG_EOI;
- src->pub.next_input_byte = src->buffer + src->skip_next;
- src->pub.bytes_in_buffer = 2;
-
- gdk_pixbuf__jpeg_image_load_lines (context, NULL);
+ context->jerr.error = error;
+ if (!sigsetjmp (context->jerr.setjmp_buffer, 1)) {
+ /* Try to finish loading truncated files */
+ if (context->pixbuf &&
+ cinfo->output_scanline < cinfo->output_height) {
+ my_src_ptr src = (my_src_ptr) cinfo->src;
+
+ /* But only if there's enough buffer space left */
+ if (src->skip_next < sizeof(src->buffer) - 2) {
+ /* Insert a fake EOI marker */
+ src->buffer[src->skip_next] = (JOCTET) 0xFF;
+ src->buffer[src->skip_next + 1] = (JOCTET) JPEG_EOI;
+ src->pub.next_input_byte = src->buffer + src->skip_next;
+ src->pub.bytes_in_buffer = 2;
+
+ gdk_pixbuf__jpeg_image_load_lines (context, NULL);
+ }
}
}
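Review bot: The new `sigsetjmp` guard around the truncated-file path has neither handling nor a comment for its non-zero return, so a libjpeg fatal error raised under `gdk_pixbuf__jpeg_image_load_lines (context, NULL)` silently falls through to the code after the hunk. Because `context->jerr.error = error` is now set, the error handler can presumably fill in `*error` on that path, while the function's return value is computed outside the hunk; it is worth confirming that the caller cannot see success together with a set `GError`. A short comment above the guard would also record why it is needed, for example `/* Re-arm the libjpeg error jump target in this frame: a fatal error while finishing a truncated file must not longjmp into a buffer saved by an earlier call */` (the stale-buffer cause is inferred from the commit message, not visible in these lines). The body of `gdk_pixbuf__jpeg_image_stop_load` starts and ends outside the hunk.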