author | Bastien Nocera <hadess@hadess.net> | 2017-12-05 11:36:02 +0100 |
---|---|---|
committer | Bastien Nocera <hadess@hadess.net> | 2017-12-05 11:38:54 +0100 |
commit | 28ff9129141825e50ef9dc7b1eec64b82908cdda (patch) | |
tree | c26a06c31b4ca23d13558036b792a7aec96b1f91 | |
parent | 9aa37e998282bcf6b2ac0705345ab2017d4b2c9b (diff) | |
download | gdk-pixbuf-28ff9129141825e50ef9dc7b1eec64b82908cdda.tar.gz |
jpeg: Prevent crashes when stopping loading files with errors
This time, we want to make sure to avoid accessing JPEG internals when
an error has already been set, in which case the file is irrecoverable.
Reproducer in pixbuf-randomly-modified, with file valid.2.jpeg and
seed R02S3d1f92e3076dbe16d2840cc408188f81
-rw-r--r-- | gdk-pixbuf/io-jpeg.c | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
index 6d9169f75..e399722ad 100644
--- a/gdk-pixbuf/io-jpeg.c
+++ b/gdk-pixbuf/io-jpeg.c
@@ -850,20 +850,23 @@ gdk_pixbuf__jpeg_image_stop_load (gpointer data, GError **error)
 cinfo = &context->cinfo;
- /* Try to finish loading truncated files */
- if (context->pixbuf &&
- cinfo->output_scanline < cinfo->output_height) {
- my_src_ptr src = (my_src_ptr) cinfo->src;
-
- /* But only if there's enough buffer space left */
- if (src->skip_next < sizeof(src->buffer) - 2) {
- /* Insert a fake EOI marker */
- src->buffer[src->skip_next] = (JOCTET) 0xFF;
- src->buffer[src->skip_next + 1] = (JOCTET) JPEG_EOI;
- src->pub.next_input_byte = src->buffer + src->skip_next;
- src->pub.bytes_in_buffer = 2;
-
- gdk_pixbuf__jpeg_image_load_lines (context, NULL);
+ context->jerr.error = error;
+ if (!sigsetjmp (context->jerr.setjmp_buffer, 1)) {
+ /* Try to finish loading truncated files */
+ if (context->pixbuf &&
+ cinfo->output_scanline < cinfo->output_height) {
+ my_src_ptr src = (my_src_ptr) cinfo->src;
+
+ /* But only if there's enough buffer space left */
+ if (src->skip_next < sizeof(src->buffer) - 2) {
+ /* Insert a fake EOI marker */
+ src->buffer[src->skip_next] = (JOCTET) 0xFF;
+ src->buffer[src->skip_next + 1] = (JOCTET) JPEG_EOI;
+ src->pub.next_input_byte = src->buffer + src->skip_next;
+ src->pub.bytes_in_buffer = 2;
+
+ gdk_pixbuf__jpeg_image_load_lines (context, NULL);
+ }
 }
 } |
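Review bot: The new `if (!sigsetjmp (context->jerr.setjmp_buffer, 1))` has no else branch, so when the best-effort decode of the fake EOI marker aborts, control falls through to the rest of gdk_pixbuf__jpeg_image_stop_load (which continues outside this hunk) with nothing recording that the decoder is in a failed state. Because `context->jerr.error = error;` is assigned just before while `gdk_pixbuf__jpeg_image_load_lines (context, NULL)` deliberately passes no error, a failure here may also fill the caller's GError through the error manager, assuming the handler writes through `jerr.error`. If the truncated-file path is meant to stay silent, use `context->jerr.error = NULL;` for this section and assign `error` afterwards. A short comment above the sigsetjmp would also help the next reader, e.g. `/* Re-arm the jump target: one saved by an earlier call refers to a stack frame that has already returned */`.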