Defer creating pixel cache until first scanline. Classify some libjpeg warnings as errors.
--- a/ChangeLog Thu Jul 06 18:54:30 2017 -0500
+++ b/ChangeLog Sat Jul 08 09:20:58 2017 -0500
@@ -1,3 +1,13 @@
+2017-07-08 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
+
+ * coders/jpeg.c (ReadJPEGImage): Defer creating pixel cache until
+ after successfully reading first scanline. Classify some serious
+ libjpeg reported "warnings" as errors and quit processing
+ scanlines immediately upon first error so that corrupt JPEG does
+ not consume excessive resources. Resolves excessive resource
+ consumption issue reported for two JPEG files provided via email
+ by LCatro on Tue, 4 Jul 2017.
+
2017-07-06 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
* coders/png.c (ReadOneJNGImage): Remove spurious '\n' from log
--- a/VisualMagick/installer/inc/version.isx Thu Jul 06 18:54:30 2017 -0500
+++ b/VisualMagick/installer/inc/version.isx Sat Jul 08 09:20:58 2017 -0500
@@ -10,5 +10,5 @@
#define public MagickPackageName "GraphicsMagick"
#define public MagickPackageVersion "1.4"
-#define public MagickPackageVersionAddendum ".020170706"
-#define public MagickPackageReleaseDate "snapshot-20170706"
+#define public MagickPackageVersionAddendum ".020170708"
+#define public MagickPackageReleaseDate "snapshot-20170708"
--- a/coders/jpeg.c Thu Jul 06 18:54:30 2017 -0500
+++ b/coders/jpeg.c Sat Jul 08 09:20:58 2017 -0500
@@ -240,10 +240,34 @@
err->msg_parm.i[4], err->msg_parm.i[5],
err->msg_parm.i[6], err->msg_parm.i[7]);
}
- if ((err->num_warnings == 0) ||
- (err->trace_level >= 3))
- ThrowBinaryException2(CorruptImageWarning,(char *) message,
+ /*
+ Treat some "warnings" as errors
+ */
+ switch (err->msg_code)
+ {
+ case JWRN_HIT_MARKER: /* Corrupt JPEG data: premature end of data segment */
+ case JWRN_JPEG_EOF: /* Premature end of JPEG file */
+ {
+ ThrowBinaryException2(CorruptImageError,(char *) message,
+ image->filename);
+ break;
+ }
+ case JWRN_HUFF_BAD_CODE: /* Corrupt JPEG data: bad Huffman code */
+ case JWRN_MUST_RESYNC: /* Corrupt JPEG data: found marker 0x%02x instead of RST%d */
+ case JWRN_NOT_SEQUENTIAL: /* "Invalid SOS parameters for sequential JPEG */
+ {
+ ThrowBinaryException2(CorruptImageError,(char *) message,
image->filename);
+ break;
+ }
+ default:
+ {
+ if ((err->num_warnings == 0) ||
+ (err->trace_level >= 3))
+ ThrowBinaryException2(CorruptImageWarning,(char *) message,
+ image->filename);
+ }
+ }
err->num_warnings++;
}
else
@@ -1350,6 +1374,16 @@
register PixelPacket
*q;
+ /*
+ Read scanlines. Stop at first serious error.
+ */
+ if ((jpeg_read_scanlines(&jpeg_info,scanline,1) != 1) ||
+ (image->exception.severity >= ErrorException))
+ {
+ status=MagickFail;
+ break;
+ }
+
q=SetImagePixels(image,0,y,image->columns,1);
if (q == (PixelPacket *) NULL)
{
@@ -1358,12 +1392,6 @@
}
indexes=AccessMutableIndexes(image);
- if (jpeg_read_scanlines(&jpeg_info,scanline,1) != 1)
- {
- status=MagickFail;
- break;
- }
-
p=jpeg_pixels;
if (jpeg_info.output_components == 1)
--- a/magick/version.h Thu Jul 06 18:54:30 2017 -0500
+++ b/magick/version.h Sat Jul 08 09:20:58 2017 -0500
@@ -38,8 +38,8 @@
#define MagickLibVersion 0x191600
#define MagickLibVersionText "1.4"
#define MagickLibVersionNumber 19,16,0
-#define MagickChangeDate "20170706"
-#define MagickReleaseDate "snapshot-20170706"
+#define MagickChangeDate "20170708"
+#define MagickReleaseDate "snapshot-20170708"
/*
The MagickLibInterfaceNewest and MagickLibInterfaceOldest defines
--- a/www/Changelog.html Thu Jul 06 18:54:30 2017 -0500
+++ b/www/Changelog.html Sat Jul 08 09:20:58 2017 -0500
@@ -35,6 +35,18 @@
<div class="document">
+<p>2017-07-08 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
+<blockquote>
+<ul class="simple">
+<li>coders/jpeg.c (ReadJPEGImage): Defer creating pixel cache until
+after successfully reading first scanline. Classify some serious
+libjpeg reported "warnings" as errors and quit processing
+scanlines immediately upon first error so that corrupt JPEG does
+not consume excessive resources. Resolves excessive resource
+consumption issue reported for two JPEG files provided via email
+by LCatro on Tue, 4 Jul 2017.</li>
+</ul>
+</blockquote>
<p>2017-07-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
<blockquote>
<ul class="simple">