[gdk-pixbuf/ebassi/issue-205] jpeg: Limit the memory size when loading image data
- From: Emmanuele Bassi <ebassi src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gdk-pixbuf/ebassi/issue-205] jpeg: Limit the memory size when loading image data
- Date: Tue, 9 Aug 2022 15:17:06 +0000 (UTC)
commit 600f6b3e801b2cae8e871c0c1427738016f0c665
Author: Emmanuele Bassi <ebassi gnome org>
Date: Tue Aug 9 16:10:40 2022 +0100
jpeg: Limit the memory size when loading image data
Specially crafted JPEG images may lead to a crash when their size is too
large; in the most benign of cases, the OS might terminate the process
after it tries to allocate all the memory in the world.
We can tell libjpeg to limit the size of the memory pool when loading,
to avoid this kind of result. For the time being, 100 MB seems like a
good threshold.
Original patch by: Sam Ezeh <sam z ezeh gmail com>
Fixes: #205
gdk-pixbuf/io-jpeg.c | 3 +++
tests/issue205.jpg | Bin 0 -> 1407 bytes
tests/meson.build | 1 +
tests/pixbuf-jpeg.c | 36 ++++++++++++++++++++++++++++++++++++
4 files changed, 40 insertions(+)
---
diff --git a/gdk-pixbuf/io-jpeg.c b/gdk-pixbuf/io-jpeg.c
index 48b163755..906168adb 100644
--- a/gdk-pixbuf/io-jpeg.c
+++ b/gdk-pixbuf/io-jpeg.c
@@ -33,6 +33,7 @@
#include <jpeglib.h>
#include <jerror.h>
#include <math.h>
+#include <sys/resource.h>
#include <glib/gi18n-lib.h>
#include "gdk-pixbuf-io.h"
#include "fallback-c89.c"
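Review bot: The added `#include <sys/resource.h>` does not appear to be needed. The only other change to io-jpeg.c in this commit sets `cinfo->mem->max_memory_to_use`, which is declared by `jpeglib.h`, and no `getrlimit`/`setrlimit` call is visible in the hunks. It is a POSIX header that is generally not available on non-POSIX toolchains, so an unconditional include can break those builds. I would drop the line, or put it behind a build-time check if a later change really needs it.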
@@ -1090,6 +1091,8 @@ gdk_pixbuf__jpeg_image_load_increment (gpointer data,
jpeg_save_markers (cinfo, JPEG_COM, 0xffff);
rc = jpeg_read_header (cinfo, TRUE);
context->src_initialized = TRUE;
+
+ cinfo->mem->max_memory_to_use = 100 * 1024 * 1024;
if (rc == JPEG_SUSPENDED)
continue;
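Review bot: The cap `cinfo->mem->max_memory_to_use = 100 * 1024 * 1024;` is a bare literal with no comment, and it is set only in this branch of gdk_pixbuf__jpeg_image_load_increment, after jpeg_read_header() has already run. I would name it and say why it exists, e.g. `#define JPEG_MAX_MEMORY (100 * 1024 * 1024) /* cap libjpeg's memory pool so crafted dimensions cannot exhaust RAM (issue #205) */`. As far as I know, this field bounds only what libjpeg's own memory manager allocates, and what happens when the cap is hit (an error, or spilling to backing store) depends on how libjpeg was built. The pixbuf buffer that gdk-pixbuf sizes from the header dimensions is outside that limit and should be checked separately. If io-jpeg.c also has a non-incremental load path (not visible here), it presumably needs the same limit; the function body starts and ends outside this hunk.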
diff --git a/tests/issue205.jpg b/tests/issue205.jpg
new file mode 100644
index 000000000..b45ebca78
Binary files /dev/null and b/tests/issue205.jpg differ
diff --git a/tests/meson.build b/tests/meson.build
index 7c6cb113a..28c252535 100644
--- a/tests/meson.build
+++ b/tests/meson.build
@@ -152,6 +152,7 @@ test_data = [
'aero.gif',
'circular-table.gif',
'issue70.jpg',
+ 'issue205.jpg',
]
installed_test_bindir = join_paths(gdk_pixbuf_libexecdir, 'installed-tests', meson.project_name())
diff --git a/tests/pixbuf-jpeg.c b/tests/pixbuf-jpeg.c
index 3b1f2e4f0..be2c6b4fe 100644
--- a/tests/pixbuf-jpeg.c
+++ b/tests/pixbuf-jpeg.c
@@ -170,6 +170,41 @@ test_jpeg_markers (void)
g_free (contents);
}
+static void
+test_jpeg_fbfbfbfb (void)
+{
+ GdkPixbufLoader *loader;
+ GdkPixbuf *pixbuf;
+ GError *error = NULL;
+ gchar *contents;
+ gsize size;
+
+ if (!format_supported ("jpeg"))
+ {
+ g_test_skip ("format not supported");
+ return;
+ }
+
+ g_test_message ("Load JPEG with size 0xfbfbfbfb (issue: 250)");
+
+ g_file_get_contents (g_test_get_filename (G_TEST_DIST, "issue205.jpg", NULL), &contents, &size, &error);
+ g_assert_no_error (error);
+
+ loader = gdk_pixbuf_loader_new ();
+
+ gdk_pixbuf_loader_write (loader, (const guchar*)contents, size, &error);
+ g_assert_no_error (error);
+
+ gdk_pixbuf_loader_close (loader, &error);
+ g_assert_error (error, GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR_CORRUPT_IMAGE);
+
+ pixbuf = gdk_pixbuf_loader_get_pixbuf (loader);
+ g_assert_nonnull (pixbuf);
+
+ g_object_unref (loader);
+ g_free (contents);
+}
+
int
main (int argc, char **argv)
{
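Review bot: In test_jpeg_fbfbfbfb the GError set by gdk_pixbuf_loader_close() is asserted on but never released, so the test leaks it; add `g_clear_error (&error);` right after the `g_assert_error (...)` line. The message string says `(issue: 250)` while the fixture name and the commit both refer to issue 205, so it should read `g_test_message ("Load JPEG with size 0xfbfbfbfb (issue: 205)");`. A one-line comment above `g_assert_nonnull (pixbuf)` saying why a pixbuf is still expected after close reports GDK_PIXBUF_ERROR_CORRUPT_IMAGE would make the intended contract clear to the next reader.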
@@ -181,6 +216,7 @@ main (int argc, char **argv)
g_test_add_func ("/pixbuf/jpeg/comment", test_comment);
g_test_add_func ("/pixbuf/jpeg/at_size", test_at_size);
g_test_add_func ("/pixbuf/jpeg/issue70", test_jpeg_markers);
+ g_test_add_func ("/pixbuf/jpeg/issue205", test_jpeg_fbfbfbfb);
return g_test_run ();
}