From ae7e5e7a54208c5ed4b35921850dd29e2e7a34f7 Mon Sep 17 00:00:00 2001
From: John Cupitt
Date: Mon, 4 Apr 2022 15:44:37 +0100
Subject: [PATCH] improve fail on too many warings

thanks lovell, see https://github.com/libvips/libvips/commit/89bd46d1c4e0465974b886ef5b5021e988f111a2#commitcomment-70409015
---
 libvips/foreign/jpeg2vips.c | 11 +++++++++++
 libvips/foreign/vips2jpeg.c | 14 ++++++++------
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/libvips/foreign/jpeg2vips.c b/libvips/foreign/jpeg2vips.c
index e3f69ef6..b0b002a3 100644
--- a/libvips/foreign/jpeg2vips.c
+++ b/libvips/foreign/jpeg2vips.c
@@ -494,6 +494,17 @@ read_jpeg_header( ReadJpeg *jpeg, VipsImage *out )
 */
 jpeg->eman.pub.trace_level = 3;
 
+ /* Here for longjmp() from vips__new_error_exit() during
+ * jpeg_read_header(),
+ */
+ if( setjmp( jpeg->eman.jmp ) ) {
+#ifdef DEBUG
+ printf( "read_jpeg_header: longjmp() exit\n" );
+#endif /*DEBUG*/
+
+ return( -1 );
+ }
+
 /* Read JPEG header. libjpeg will set out_color_space sanely for us
 * for YUV YCCK etc.
 */
diff --git a/libvips/foreign/vips2jpeg.c b/libvips/foreign/vips2jpeg.c
index bfe99f4f..feaf92f4 100644
--- a/libvips/foreign/vips2jpeg.c
+++ b/libvips/foreign/vips2jpeg.c
@@ -165,16 +165,18 @@
 void
 vips__new_output_message( j_common_ptr cinfo )
 {
+ ErrorManager *eman = (ErrorManager *) cinfo->err;
+
 /* Some DoS attacks use jpg files with thousands of warnings. Try to
 * limit the effect these have.
 */
- if( cinfo->err->num_warnings >= 20 ) {
- if( cinfo->err->num_warnings == 20 ) {
- vips_error( "VipsJpeg",
- "%s", _( "too many warnings" ) );
- }
+ if( cinfo->err->num_warnings >= 100 ) {
+ vips_error( "VipsJpeg", "%s", _( "too many warnings" ) );
 
- jpeg_abort( cinfo );
+ /* Bail out of jpeg load (ugh!). We have to hope our caller
+ * has set this up.
+ */
+ longjmp( eman->jmp, 1 );
 }
 else {
 char buffer[JMSG_LENGTH_MAX];
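Review bot: The `setjmp( jpeg->eman.jmp )` added in read_jpeg_header() is only valid while that function is on the stack; once it returns, `jpeg->eman.jmp` refers to a dead frame, and the `longjmp( eman->jmp, 1 )` this commit adds to vips__new_output_message() in vips2jpeg.c would be undefined behaviour if the warning limit is reached later, for example during scanline decode. The rest of the reader and the writer are outside this hunk, so it cannot be confirmed from here that every function calling libjpeg with this error manager re-arms the buffer first. I would state the contract in the comment, e.g. `/* eman.jmp is only valid inside this function: every other libjpeg caller must setjmp() again before calling in. */`. The handler reads no locals before `return( -1 )`, so no `volatile` qualifiers are needed as written.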
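Review bot: With `jpeg_abort( cinfo )` replaced by `longjmp( eman->jmp, 1 )` in vips__new_output_message(), the libjpeg object is left mid-operation and all cleanup now rests on whatever the setjmp() target does. The target added in jpeg2vips.c only does `return( -1 )`, so presumably its caller destroys the decompress object; that is worth confirming and stating in the "Bail out" comment. The cast `(ErrorManager *) cinfo->err` also assumes every `j_common_ptr` that installs this callback uses an ErrorManager, which this hunk cannot show. The limit is a bare literal; a named constant (say `#define JPEG_MAX_WARNINGS 100`) with a one-line comment on why 100 would make the DoS bound easier to find and tune. The function body continues past the end of the hunk.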