From e46e67fcf1e4df718deb9c8de22ebe61a8373898 Mon Sep 17 00:00:00 2001
From: Andreas Molzer
Date: Wed, 27 Jan 2021 08:05:07 +0100
Subject: [PATCH 1/2] Add test files against panic from missing frame
---
 tests/crashtest/images/README.md | 1 +
 tests/crashtest/images/missing-frame-image-1410.jpg | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 tests/crashtest/images/missing-frame-image-1410.jpg
diff --git a/tests/crashtest/images/README.md b/tests/crashtest/images/README.md
index 3e8a4eca..f3853db2 100644
--- a/tests/crashtest/images/README.md
+++ b/tests/crashtest/images/README.md
@@ -7,3 +7,4 @@ derive-huffman-codes-overflow.jpg | Found by Pascal Hertleif (@killercup) while
 missing-sof.jpg | Found by Corey Farwell (@frewsxcv) when fuzz testing
 extraneous-bytes-after-sos.jpg | Scan from brother DSmobile 920DW provided by Filip Lundborg (@filipl)
 missing-sos.jpg | Generated in GIMP and manually edited by John Reynolds (@quilan1)
+missing-frame-image-1410.jpg | Found by @frewsxcv when fuzzing
diff --git a/tests/crashtest/images/missing-frame-image-1410.jpg b/tests/crashtest/images/missing-frame-image-1410.jpg
new file mode 100644
index 00000000..6bd16966
--- /dev/null
+++ b/tests/crashtest/images/missing-frame-image-1410.jpg
@@ -0,0 +1 @@
+ÿØÿÙ
\ No newline at end of file
From 59652e9cc05fa2426f084352e43b4f78376728d0 Mon Sep 17 00:00:00 2001
From: Andreas Molzer
Date: Wed, 27 Jan 2021 07:59:13 +0100
Subject: [PATCH 2/2] Catch Frame being missing at image end

The decoding expected a frame to exist by unwrapping its option but an image that ends directly (in 4 bytes) will trip this condition.
---
 src/decoder.rs | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/decoder.rs b/src/decoder.rs
index 9f59aff7..dca49820 100644
--- a/src/decoder.rs
+++ b/src/decoder.rs
@@ -409,6 +409,10 @@ impl Decoder {
 previous_marker = marker;
 }
 
+ if self.frame.is_none() {
+ return Err(Error::Format("end of image encountered before frame".to_owned()));
+ }
+
 let frame = self.frame.as_ref().unwrap();
 
 // If we're decoding a progressive jpeg and a component is unfinished, render what we've got
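Review bot: The added `is_none()` guard and the `unwrap()` on the following line test the same condition twice, so the decoder stays panic-free on a frameless file only while the two statements are kept together and in this order. Folding them into one fallible binding removes the panic path instead of guarding it: `let frame = self.frame.as_ref().ok_or_else(|| Error::Format("end of image encountered before frame".to_owned()))?;`. This assumes the enclosing function returns a `Result` with this `Error` type, which the added `return Err(...)` suggests; the function itself begins and ends outside the hunk. Because this path is reached from file contents the decoder does not control (the regression image in the first patch is the fuzz-found four-byte case), it is also worth checking whether any other `unwrap()` on `self.frame` can be reached before a frame marker has been parsed.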