From df26bd1e46c67ed7745996627ca0d83e5a6d678d Mon Sep 17 00:00:00 2001
From: Kleis Auke Wolthuizen <github@kleisauke.nl>
Date: Tue, 5 Apr 2022 11:07:29 +0200
Subject: [PATCH] Stop JPEG load after 100 warnings (#2749)

See: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24383
---
 libvips/foreign/jpeg2vips.c | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/libvips/foreign/jpeg2vips.c b/libvips/foreign/jpeg2vips.c
index 067d4efc..7ee820d1 100644
--- a/libvips/foreign/jpeg2vips.c
+++ b/libvips/foreign/jpeg2vips.c
@@ -314,6 +314,30 @@ readjpeg_open_input( ReadJpeg *jpeg )
 	return( 0 );
 }
 
+static void
+readjpeg_emit_message( j_common_ptr cinfo, int msg_level )
+{
+	long num_warnings;
+
+	if( msg_level < 0 ) {
+		/* Always count warnings in num_warnings.
+		 */
+		num_warnings = cinfo->err->num_warnings++;
+
+		/* Corrupt files may give many warnings, the policy here is to
+		 * show only the first warning and treat many warnings as fatal.
+		 */
+		if( num_warnings == 0 )
+			(*cinfo->err->output_message)( cinfo );
+		else if( num_warnings >= 100 )
+			cinfo->err->error_exit( cinfo );
+	}
+	else if( cinfo->err->trace_level >= msg_level )
+		/* It's a trace message. Show it if trace_level >= msg_level.
+		 */
+		(*cinfo->err->output_message)( cinfo );
+}
+
 /* This can be called many times.
  */
 static int
@@ -370,6 +394,7 @@ readjpeg_new( VipsSource *source, VipsImage *out,
 	jpeg->fail_on = fail_on;
         jpeg->cinfo.err = jpeg_std_error( &jpeg->eman.pub );
 	jpeg->eman.pub.error_exit = vips__new_error_exit;
+	jpeg->eman.pub.emit_message = readjpeg_emit_message;
 	jpeg->eman.pub.output_message = vips__new_output_message;
 	jpeg->eman.fp = NULL;
 	jpeg->y_pos = 0;