diff options
| author |  Matt Sarett <msarett@google.com> | 2016-11-08 15:26:56 -0500 |
|---|---|---|
| committer |  Skia Commit-Bot <skia-commit-bot@chromium.org> | 2016-11-08 21:39:15 +0000 |
| commit | dbdf6d210b7e34d66df8b08596c690b9b12e7f8a (patch) | |
| tree | 332212922222c484e9137f628b793b8426b6447a /src/codec/SkJpegDecoderMgr.cpp | |
| parent | 2c3db3263bdc4b91cd7d21dbfe0501fe9bd476a5 (diff) | |
Fail jpeg decodes on too many progressive scans
BUG:642462
GOLD_TRYBOT_URL= https://gold.skia.org/search?issue=4560
Change-Id: I22891ce1e0b3a1bedefc34dadd5cf34dfc301b79
Reviewed-on: https://skia-review.googlesource.com/4560
Reviewed-by: Leon Scroggins <scroggo@google.com>
Commit-Queue: Matt Sarett <msarett@google.com>
Diffstat (limited to 'src/codec/SkJpegDecoderMgr.cpp')
| -rw-r--r-- | src/codec/SkJpegDecoderMgr.cpp | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/codec/SkJpegDecoderMgr.cpp b/src/codec/SkJpegDecoderMgr.cpp index 70401c0391..c2837aa2b4 100644 --- a/src/codec/SkJpegDecoderMgr.cpp +++ b/src/codec/SkJpegDecoderMgr.cpp @@ -25,6 +25,17 @@ static void output_message(j_common_ptr info) { print_message(info, "output_message"); } +static void progress_monitor(j_common_ptr info) { + int scan = ((j_decompress_ptr)info)->input_scan_number; + // Progressive images with a very large number of scans can cause the + // decoder to hang. Here we use the progress monitor to abort on + // a very large number of scans. 100 is arbitrary, but much larger + // than the number of scans we might expect in a normal image. + if (scan >= 100) { + skjpeg_err_exit(info); + } +} + bool JpegDecoderMgr::returnFalse(const char caller[]) { print_message((j_common_ptr) &fDInfo, caller); return false; @@ -71,6 +82,8 @@ void JpegDecoderMgr::init() { fInit = true; fDInfo.src = &fSrcMgr; fDInfo.err->output_message = &output_message; + fDInfo.progress = &fProgressMgr; + fProgressMgr.progress_monitor = &progress_monitor; } JpegDecoderMgr::~JpegDecoderMgr() { |