RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-27 12:17:44 +00:00
Code Issues Activity Actions

LibGfx: Fail JPEG decode instead of asserting on bogus start-of-scan

Browse source 
Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28628
This commit is contained in:
Andreas Kling 2020-12-23 19:22:15 +01:00
parent 0fc8561029
commit cd046fae44
1 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Libraries/LibGfx/JPGLoader.cpp
View file

@ -552,7 +552,10 @@ static bool read_start_of_scan(InputMemoryStream& stream, JPGLoadingContext& con
auto it = context.components.find(component_id); auto it = context.components.find(component_id);
if (it != context.components.end()) { if (it != context.components.end()) {
component = &it->value; component = &it->value;
ASSERT(i == component->serial_id); if (i != component->serial_id) {
dbgln("JPEG decode failed (i != component->serial_id)");
return false;
}
} else { } else {
#ifdef JPG_DEBUG #ifdef JPG_DEBUG
dbg() << stream.offset() << String::format(": Unsupported component id: %i!", component_id); dbg() << stream.offset() << String::format(": Unsupported component id: %i!", component_id);