| commit | 2edcd7667a4e2377cdda83bac4608ba454fdf426 | |
| author | Cyril Hrubis <metan@ucw.cz> | |
| Tue, 12 Dec 2017 17:34:48 +0000 (12 18:34 +0100) | ||
| committer | Cyril Hrubis <metan@ucw.cz> | |
| Tue, 12 Dec 2017 17:35:38 +0000 (12 18:35 +0100) | ||
| tree | f91f05da37f22be8b4ac1597881318c6e6541ba4 | treesnapshot (tar.gz zip) |
| parent | ebc9d039449151402a121e0c45203ace0bb6d365 | commitdiff |
loaders: JPG: Fix bussy loop on corrupted file.
Returning FALSE from the function that feeds the data into libjpeg is
wrong to begin with, in that case the library retries reading
immediatelly which ends up with the loader stuck in an infinite loop.
The correct solution in this situation is either to call the libjpeg
error handler (which we do now in case of an empty IO) or to fake end of
image marker. As faked marker will either result in error handler to be
called from the jpeg library or we may as well happen to load partially
corrupted image.
We also use the error message formatter from the libjpeg library and
print the error message using GP_WARN() now.
Signed-off-by: Cyril Hrubis <metan@ucw.cz>
Returning FALSE from the function that feeds the data into libjpeg is
wrong to begin with, in that case the library retries reading
immediatelly which ends up with the loader stuck in an infinite loop.
The correct solution in this situation is either to call the libjpeg
error handler (which we do now in case of an empty IO) or to fake end of
image marker. As faked marker will either result in error handler to be
called from the jpeg library or we may as well happen to load partially
corrupted image.
We also use the error message formatter from the libjpeg library and
print the error message using GP_WARN() now.
Signed-off-by: Cyril Hrubis <metan@ucw.cz>
| libs/loaders/GP_JPG.c | diffblobblamehistory | |
| tests/afl/data/test.jpg | [new file with mode: 0644] | blob |
| tests/afl/data/test.png | [new file with mode: 0644] | blob |
