authorEmmanuele Bassi <ebassi@gnome.org>2022-08-09 23:11:31 +0100
committerEmmanuele Bassi <ebassi@gnome.org>2022-08-09 23:11:31 +0100
commitb78a83a76e88e95c16fb8534a7c19f15d38c43af (patch)
tree87240fa273dd6527c14a92b83ae035b057819054
parent3313034f3cba6a7532bcf87e9756c0d823243dc4 (diff)
jpeg: Avoid an infinite loop with invalid imagesebassi/issue-209
When loading an invalid image with a missing EOI marker we end up triggering an infinite loop inside libjpeg. Original patch by: Sam Ezeh <sam.z.ezeh@gmail.com> Fixes: #209
-rw-r--r--gdk-pixbuf/io-jpeg.c1
-rw-r--r--tests/issue209.jpgbin0 -> 316 bytes
-rw-r--r--tests/meson.build1
-rw-r--r--tests/pixbuf-jpeg.c36
4 files changed, 37 insertions, 1 deletions
diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
index 22f4174fe..5a92aa4c4 100644
--- a/gdk-pixbuf/io-jpeg.c
+++ b/gdk-pixbuf/io-jpeg.c
@@ -879,7 +879,6 @@ gdk_pixbuf__jpeg_image_stop_load (gpointer data, GError **error)
src->buffer[src->skip_next] = (JOCTET) 0xFF;
src->buffer[src->skip_next + 1] = (JOCTET) JPEG_EOI;
src->pub.next_input_byte = src->buffer + src->skip_next;
- src->pub.bytes_in_buffer = 2;
gdk_pixbuf__jpeg_image_load_lines (context, NULL);
}
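Review bot: With `src->pub.bytes_in_buffer = 2;` removed, `next_input_byte` is still repointed at the fake EOI marker written at `src->buffer + src->skip_next`, but the byte count now keeps whatever value it had before this block. libjpeg's source manager treats `bytes_in_buffer` as the number of bytes available starting at `next_input_byte`, so the two fields can disagree here: a stale zero would mean the inserted marker is never consumed, and a stale larger count would let the decoder read past the two bytes just written. The code that sets the earlier count and the bounds check on `skip_next` are outside the hunk, so which case holds cannot be confirmed from here. A comment above the `gdk_pixbuf__jpeg_image_load_lines` call such as `/* bytes_in_buffer is intentionally left as-is: <reason> */`, or an explicit assignment of the intended count, would make the invariant reviewable. The body of gdk_pixbuf__jpeg_image_stop_load starts and ends outside the hunk.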
diff --git a/tests/issue209.jpg b/tests/issue209.jpg
new file mode 100644
index 000000000..853dd6b6e
--- /dev/null
+++ b/tests/issue209.jpg
Binary files differ
diff --git a/tests/meson.build b/tests/meson.build
index 28c252535..a8a506fe1 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -153,6 +153,7 @@ test_data = [
'circular-table.gif',
'issue70.jpg',
'issue205.jpg',
+ 'issue209.jpg',
]
installed_test_bindir = join_paths(gdk_pixbuf_libexecdir, 'installed-tests', meson.project_name())
diff --git a/tests/pixbuf-jpeg.c b/tests/pixbuf-jpeg.c
index be2c6b4fe..45801ba3d 100644
--- a/tests/pixbuf-jpeg.c
+++ b/tests/pixbuf-jpeg.c
@@ -205,6 +205,41 @@ test_jpeg_fbfbfbfb (void)
g_free (contents);
}
+static void
+test_jpeg_no_eoi (void)
+{
+ GdkPixbufLoader *loader;
+ GdkPixbuf *pixbuf;
+ GError *error = NULL;
+ gchar *contents;
+ gsize size;
+
+ if (!format_supported ("jpeg"))
+ {
+ g_test_skip ("format not supported");
+ return;
+ }
+
+ g_test_message ("Load JPEG with no EOI marker (issue: 209)");
+
+ g_file_get_contents (g_test_get_filename (G_TEST_DIST, "issue209.jpg", NULL), &contents, &size, &error);
+ g_assert_no_error (error);
+
+ loader = gdk_pixbuf_loader_new ();
+
+ gdk_pixbuf_loader_write (loader, (const guchar*)contents, size, &error);
+ g_assert_no_error (error);
+
+ gdk_pixbuf_loader_close (loader, &error);
+ g_assert_error (error, GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR_CORRUPT_IMAGE);
+
+ pixbuf = gdk_pixbuf_loader_get_pixbuf (loader);
+ g_assert_nonnull (pixbuf);
+
+ g_object_unref (loader);
+ g_free (contents);
+}
+
int
main (int argc, char **argv)
{
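Review bot: The `GError` set by `gdk_pixbuf_loader_close` is asserted on but never released, so test_jpeg_no_eoi leaks it and leak-checking runs of the suite will flag it; add `g_clear_error (&error);` after the `g_assert_error` line. The return values of `g_file_get_contents` and `gdk_pixbuf_loader_write` are ignored in favour of the error check alone. Because this is the regression test for a decoder hang, a recurrence would appear as a stalled test rather than a failed assertion, so it depends on the harness timeout; a one-line comment saying so would help the next maintainer. test_jpeg_no_eoi is complete within the hunk, while main continues past it.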
@@ -217,6 +252,7 @@ main (int argc, char **argv)
g_test_add_func ("/pixbuf/jpeg/at_size", test_at_size);
g_test_add_func ("/pixbuf/jpeg/issue70", test_jpeg_markers);
g_test_add_func ("/pixbuf/jpeg/issue205", test_jpeg_fbfbfbfb);
+ g_test_add_func ("/pixbuf/jpeg/issue209", test_jpeg_no_eoi);
return g_test_run ();
}