Fl_JPEG_Image could still crash an app with a corrupt JPEG file

(STR #739) src/Fl_JPEG_Image.cxx: - Use setjmp/longjmp to catch JPEG file errors and prevent the JPEG library from crashing the FLTK app. git-svn-id: file:///fltk/svn/fltk/branches/branch-1.1@4061 ea41ed52-d2ee-0310-a9c1-e6b18d33e121
2026-06-06 00:22:42 +08:00 · 2005-03-05 15:25:30 +00:00
parent 62721060db
commit 52e086f75b
2 changed files with 26 additions and 29 deletions
@@ -1,6 +1,8 @@
 CHANGES IN FLTK 1.1.7

 	- Documentation fixes (STR #648, STR #692, STR #745)
+	- Fl_JPEG_Image could still crash an app with a corrupt
+	  JPEG file (STR #739)
 	- Using the layout alignment controls on a menu widget
 	  would cause FLUID to crash (STR #742)
 	- Added QNX bug workaround for menu handling (STR #704)
@@ -36,6 +36,7 @@
 #include <config.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <setjmp.h>


 // Some releases of the Cygwin JPEG libraries don't have a correctly
@@ -62,7 +63,7 @@ extern "C"
 #ifdef HAVE_LIBJPEG
 struct fl_jpeg_error_mgr {
  jpeg_error_mgr	pub_;		// Destination manager...
-  int			err_;		// Error flag
+  jmp_buf		errhand_;	// Error handler
 };
 #endif // HAVE_LIBJPEG

@@ -74,7 +75,7 @@ struct fl_jpeg_error_mgr {
 #ifdef HAVE_LIBJPEG
 static void
 fl_jpeg_error_handler(j_common_ptr dinfo) {	// I - Decompressor info
-  ((fl_jpeg_error_mgr *)(dinfo->err))->err_ = 1;
+  longjmp(((fl_jpeg_error_mgr *)(dinfo->err))->errhand_, 1);
  return;
 }

@@ -109,51 +110,10 @@ Fl_JPEG_Image::Fl_JPEG_Image(const char *jpeg)	// I - File to load
  dinfo.err                = jpeg_std_error((jpeg_error_mgr *)&jerr);
  jerr.pub_.error_exit     = fl_jpeg_error_handler;
  jerr.pub_.output_message = fl_jpeg_output_handler;
-  jerr.err_                = 0;
-
-  jpeg_create_decompress(&dinfo);
-  jpeg_stdio_src(&dinfo, fp);
-  jpeg_read_header(&dinfo, 1);
-
-  if (jerr.err_) goto error_return;
-
-  dinfo.quantize_colors      = (boolean)FALSE;
-  dinfo.out_color_space      = JCS_RGB;
-  dinfo.out_color_components = 3;
-  dinfo.output_components    = 3;
-
-  jpeg_calc_output_dimensions(&dinfo);
-
-  w(dinfo.output_width);
-  h(dinfo.output_height);
-  d(dinfo.output_components);
-
-  if (!w() || !h() || !d() || jerr.err_) goto error_return;
-
-  array = new uchar[w() * h() * d()];
-  alloc_array = 1;
-
-  jpeg_start_decompress(&dinfo);
-
-  while (dinfo.output_scanline < dinfo.output_height) {
-    if (jerr.err_) goto error_return;
-
-    row = (JSAMPROW)(array +
-                     dinfo.output_scanline * dinfo.output_width *
-                     dinfo.output_components);
-    jpeg_read_scanlines(&dinfo, &row, (JDIMENSION)1);
-  }
-
-  jpeg_finish_decompress(&dinfo);
-  jpeg_destroy_decompress(&dinfo);
-
-  fclose(fp);
-
-  return;

+  if (setjmp(jerr.errhand_))
+  {
    // JPEG error handling...
-  error_return:
-
    if (array) jpeg_finish_decompress(&dinfo);
    jpeg_destroy_decompress(&dinfo);

@@ -168,6 +128,41 @@ Fl_JPEG_Image::Fl_JPEG_Image(const char *jpeg)	// I - File to load
      array = 0;
      alloc_array = 0;
    }
+
+    return;
+  }
+
+  jpeg_create_decompress(&dinfo);
+  jpeg_stdio_src(&dinfo, fp);
+  jpeg_read_header(&dinfo, 1);
+
+  dinfo.quantize_colors      = (boolean)FALSE;
+  dinfo.out_color_space      = JCS_RGB;
+  dinfo.out_color_components = 3;
+  dinfo.output_components    = 3;
+
+  jpeg_calc_output_dimensions(&dinfo);
+
+  w(dinfo.output_width);
+  h(dinfo.output_height);
+  d(dinfo.output_components);
+
+  array = new uchar[w() * h() * d()];
+  alloc_array = 1;
+
+  jpeg_start_decompress(&dinfo);
+
+  while (dinfo.output_scanline < dinfo.output_height) {
+    row = (JSAMPROW)(array +
+                     dinfo.output_scanline * dinfo.output_width *
+                     dinfo.output_components);
+    jpeg_read_scanlines(&dinfo, &row, (JDIMENSION)1);
+  }
+
+  jpeg_finish_decompress(&dinfo);
+  jpeg_destroy_decompress(&dinfo);
+
+  fclose(fp);
 #endif // HAVE_LIBJPEG
 }