stop JPEG load after 20 warnings

mitigates some DoS attacks somewhat

see https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24383

libvips/foreign/jpeg2vips.c

@@ -488,6 +488,12 @@ read_jpeg_header( ReadJpeg *jpeg, VipsImage *out )
 	size_t data_length;
 	int i;
 
+	/* Trace level 3 means emit warning messages as they happen. This
+	 * lets us spot files with crazy numbers of warnings early and
+	 * prevents some DoS attacks.
+	 */
+	jpeg->eman.pub.trace_level = 3;
+
 	/* Read JPEG header. libjpeg will set out_color_space sanely for us 
 	 * for YUV YCCK etc.
 	 */

libvips/foreign/vips2jpeg.c

@@ -165,20 +165,34 @@
 void
 vips__new_output_message( j_common_ptr cinfo )
 {
-	char buffer[JMSG_LENGTH_MAX];
+	/* Some DoS attacks use jpg files with thousands of warnings. Try to
+	 * limit the effect these have.
+	 */
+	if( cinfo->err->num_warnings >= 20 ) {
+		if( cinfo->err->num_warnings == 20 ) {
+			vips_error( "VipsJpeg", 
+				"%s", _( "too many warnings" ) );
+		}
 
-	(*cinfo->err->format_message)( cinfo, buffer );
+		jpeg_abort( cinfo );
-	vips_error( "VipsJpeg", _( "%s" ), buffer );
+	}
+	else {
+		char buffer[JMSG_LENGTH_MAX];
+
+		(*cinfo->err->format_message)( cinfo, buffer );
+		vips_error( "VipsJpeg", _( "%s" ), buffer );
 
 #ifdef DEBUG
-	printf( "vips__new_output_message: \"%s\"\n", buffer );
+		printf( "vips__new_output_message: \"%s\"\n", buffer );
 #endif /*DEBUG*/
 
-	/* This is run for things like file truncated. Signal invalidate to
+		/* This is run for things like file truncated. Signal 
-	 * force this op out of cache. 
+		 * invalidate to force this op out of cache. 
-	 */
+		 */
-        if( cinfo->client_data )
+		if( cinfo->client_data )
-		vips_foreign_load_invalidate( VIPS_IMAGE( cinfo->client_data ) );
+			vips_foreign_load_invalidate( 
+				VIPS_IMAGE( cinfo->client_data ) );
+	}
 }
 
 /* New error_exit handler.