File tree 2 files changed +19
-6
lines changed 2 files changed +19
-6
lines changed Original file line number Diff line number Diff line change @@ -494,6 +494,17 @@ read_jpeg_header( ReadJpeg *jpeg, VipsImage *out )
494494 */
495495 jpeg -> eman .pub .trace_level = 3 ;
496496
497+ /* Here for longjmp() from vips__new_error_exit() during
498+ * jpeg_read_header(),
499+ */
500+ if ( setjmp ( jpeg -> eman .jmp ) ) {
501+ #ifdef DEBUG
502+ printf ( "read_jpeg_header: longjmp() exit\n" );
503+ #endif /*DEBUG*/
504+
505+ return ( -1 );
506+ }
507+
497508 /* Read JPEG header. libjpeg will set out_color_space sanely for us
498509 * for YUV YCCK etc.
499510 */
Original file line number Diff line number Diff line change 165165void
166166vips__new_output_message ( j_common_ptr cinfo )
167167{
168+ ErrorManager * eman = (ErrorManager * ) cinfo -> err ;
169+
168170 /* Some DoS attacks use jpg files with thousands of warnings. Try to
169171 * limit the effect these have.
170172 */
171- if ( cinfo -> err -> num_warnings >= 20 ) {
172- if ( cinfo -> err -> num_warnings == 20 ) {
173- vips_error ( "VipsJpeg" ,
174- "%s" , _ ( "too many warnings" ) );
175- }
173+ if ( cinfo -> err -> num_warnings >= 100 ) {
174+ vips_error ( "VipsJpeg" , "%s" , _ ( "too many warnings" ) );
176175
177- jpeg_abort ( cinfo );
176+ /* Bail out of jpeg load (ugh!). We have to hope our caller
177+ * has set this up.
178+ */
179+ longjmp ( eman -> jmp , 1 );
178180 }
179181 else {
180182 char buffer [JMSG_LENGTH_MAX ];
You can’t perform that action at this time.
0 commit comments