diff options
| author | Michael R Sweet <michael.r.sweet@gmail.com> | 2005-03-05 15:25:30 +0000 |
|---|---|---|
| committer | Michael R Sweet <michael.r.sweet@gmail.com> | 2005-03-05 15:25:30 +0000 |
| commit | 52e086f75b4a31df29dff750a5ff5ab18e1e5863 (patch) | |
| tree | 11b1ff4d91780113e2d8a42bcd4a6137f492d5c6 | |
| parent | 62721060db3886cf627c826ba37627de51be8b48 (diff) | |
Fl_JPEG_Image could still crash an app with a corrupt JPEG file
(STR #739)
src/Fl_JPEG_Image.cxx:
- Use setjmp/longjmp to catch JPEG file errors and prevent the
JPEG library from crashing the FLTK app.
git-svn-id: file:///fltk/svn/fltk/branches/branch-1.1@4061 ea41ed52-d2ee-0310-a9c1-e6b18d33e121
| -rw-r--r-- | CHANGES | 2 | ||||
| -rw-r--r-- | src/Fl_JPEG_Image.cxx | 53 |
2 files changed, 26 insertions, 29 deletions
@@ -1,6 +1,8 @@ CHANGES IN FLTK 1.1.7 - Documentation fixes (STR #648, STR #692, STR #745) + - Fl_JPEG_Image could still crash an app with a corrupt + JPEG file (STR #739) - Using the layout alignment controls on a menu widget would cause FLUID to crash (STR #742) - Added QNX bug workaround for menu handling (STR #704) diff --git a/src/Fl_JPEG_Image.cxx b/src/Fl_JPEG_Image.cxx index 42a2ff44e..aab9fd5b6 100644 --- a/src/Fl_JPEG_Image.cxx +++ b/src/Fl_JPEG_Image.cxx @@ -36,6 +36,7 @@ #include <config.h> #include <stdio.h> #include <stdlib.h> +#include <setjmp.h> // Some releases of the Cygwin JPEG libraries don't have a correctly @@ -62,7 +63,7 @@ extern "C" #ifdef HAVE_LIBJPEG struct fl_jpeg_error_mgr { jpeg_error_mgr pub_; // Destination manager... - int err_; // Error flag + jmp_buf errhand_; // Error handler }; #endif // HAVE_LIBJPEG @@ -74,7 +75,7 @@ struct fl_jpeg_error_mgr { #ifdef HAVE_LIBJPEG static void fl_jpeg_error_handler(j_common_ptr dinfo) { // I - Decompressor info - ((fl_jpeg_error_mgr *)(dinfo->err))->err_ = 1; + longjmp(((fl_jpeg_error_mgr *)(dinfo->err))->errhand_, 1); return; } @@ -109,14 +110,32 @@ Fl_JPEG_Image::Fl_JPEG_Image(const char *jpeg) // I - File to load dinfo.err = jpeg_std_error((jpeg_error_mgr *)&jerr); jerr.pub_.error_exit = fl_jpeg_error_handler; jerr.pub_.output_message = fl_jpeg_output_handler; - jerr.err_ = 0; + + if (setjmp(jerr.errhand_)) + { + // JPEG error handling... + if (array) jpeg_finish_decompress(&dinfo); + jpeg_destroy_decompress(&dinfo); + + fclose(fp); + + w(0); + h(0); + d(0); + + if (array) { + delete[] (uchar *)array; + array = 0; + alloc_array = 0; + } + + return; + } jpeg_create_decompress(&dinfo); jpeg_stdio_src(&dinfo, fp); jpeg_read_header(&dinfo, 1); - if (jerr.err_) goto error_return; - dinfo.quantize_colors = (boolean)FALSE; dinfo.out_color_space = JCS_RGB; dinfo.out_color_components = 3; @@ -128,16 +147,12 @@ Fl_JPEG_Image::Fl_JPEG_Image(const char *jpeg) // I - File to load h(dinfo.output_height); d(dinfo.output_components); - if (!w() || !h() || !d() || jerr.err_) goto error_return; - array = new uchar[w() * h() * d()]; alloc_array = 1; jpeg_start_decompress(&dinfo); while (dinfo.output_scanline < dinfo.output_height) { - if (jerr.err_) goto error_return; - row = (JSAMPROW)(array + dinfo.output_scanline * dinfo.output_width * dinfo.output_components); @@ -148,26 +163,6 @@ Fl_JPEG_Image::Fl_JPEG_Image(const char *jpeg) // I - File to load jpeg_destroy_decompress(&dinfo); fclose(fp); - - return; - - // JPEG error handling... - error_return: - - if (array) jpeg_finish_decompress(&dinfo); - jpeg_destroy_decompress(&dinfo); - - fclose(fp); - - w(0); - h(0); - d(0); - - if (array) { - delete[] (uchar *)array; - array = 0; - alloc_array = 0; - } #endif // HAVE_LIBJPEG } |