limit the number of scans we allow in jpeg images to some finite value
Categories
(Core :: Graphics: ImageLib, defect)
Tracking
| | Tracking | Status |
|---|---|---|
| firefox113 | --- | fixed |
People
(Reporter: tnikkel, Assigned: tnikkel)
Attachments
(1 file)
Comment 1 • 2 years ago (Assignee)
Bug 1252200 and bug 1252196 talk about this problem more. However, using the programs there to generate a testcase jpeg, it did not seem to have a large number of scans; either that or I wasn't patient enough to wait for the first few scans to complete, so I'm filing this separately.
Comment 2 • 2 years ago (Assignee)
We want to provide some finite limit to prevent small jpeg files from being able to tie up cpus for a much larger time than their small size would normally allow. We want to choose a number high enough so that no sane jpeg file would approach it, unless it had been crafted to take advantage of this problem.
Skia's jpeg decoder limits it to 100:
The OSS_Fuzz targets for libjpeg-turbo limit it to 500:
https://bugzilla.mozilla.org/show_bug.cgi?id=1252196#c11
Depends on D173119
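A pre-decode check in the spirit of the limit proposed in comment 2, as an added example (not code from the Firefox patch, Skia or libjpeg-turbo): it walks the JPEG marker structure, counts start-of-scan (SOS) segments without decoding pixels, and rejects the stream once a cap is exceeded. The names `MAX_SCANS`, `TooManyScans`, `count_scans` and `make_stream` are invented for this illustration, and the sample stream is constructed.

```python
MAX_SCANS = 100  # example cap (the value the thread cites for Skia); an assumption here

class TooManyScans(ValueError):
    """Raised when a stream declares more scans than the caller allows."""

def count_scans(data: bytes, limit: int = MAX_SCANS) -> int:
    """Walk JPEG markers and count SOS segments; no pixel data is decoded."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos, scans, n = 2, 0, len(data)
    while pos + 1 < n:
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                       # EOI: end of image
            break
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                             # TEM / RSTn carry no length field
        seglen = int.from_bytes(data[pos:pos + 2], "big")
        if seglen < 2 or pos + seglen > n:
            raise ValueError("bad or truncated segment")
        pos += seglen
        if marker != 0xDA:                       # ordinary segment: already skipped
            continue
        scans += 1
        if scans > limit:
            raise TooManyScans(f"more than {limit} scans")
        # Skip entropy-coded data: 0xFF00 is a stuffed byte, 0xFFD0-D7 are restarts.
        while True:
            pos = data.find(b"\xff", pos)
            if pos < 0 or pos + 1 >= n:
                return scans                     # stream ends inside scan data
            if data[pos + 1] == 0x00 or 0xD0 <= data[pos + 1] <= 0xD7:
                pos += 2
            elif data[pos + 1] == 0xFF:
                pos += 1
            else:
                break                            # a real marker: resume the outer loop
    return scans

def make_stream(n_scans: int) -> bytes:
    """Constructed sample: marker skeleton of a progressive JPEG, not a decodable image."""
    sof2 = b"\xff\xc2\x00\x08" + bytes(6)
    scan = b"\xff\xda\x00\x08" + bytes(6) + b"\x12\xff\x00\x34"
    return b"\xff\xd8" + sof2 + scan * n_scans + b"\xff\xd9"
```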
Comment 4 • 2 years ago
Backed out for causing reftest failures on pattern-transformed.
Comment 5 • 2 years ago (Assignee)
I'm not sure this could cause those failures. There are no jpegs in those tests.
Comment 6 • 2 years ago
There is something strange going on. I first backed out Bug 1824025, but I did the backout before seeing these backfills; that is why I re-landed bug 1824025 and backed out this bug. Most likely I will re-land your patch.
Comment 8 • 2 years ago
Sorry for any inconvenience caused by this. Your patch was re-landed.
Comment 9 • 2 years ago (Assignee)
(In reply to Iulian Moraru from comment #6)
> There is something strange going on. I first backed out Bug 1824025, but I did the backout before seeing these backfills; that is why I re-landed bug 1824025 and backed out this bug. Most likely I will re-land your patch.
Ah, I see. In the backfills link if I open the full log of an Rs2 run on the push for bug 1824025 then I do not see the pattern-transformed* tests as being run, so they must have moved chunks unexpectedly?
Comment 10 • 2 years ago
bugherder
Comment 11 • 2 years ago (Assignee)
Stumbled upon the max scans that imagemagick allows so figured I'd record it here for posterity: 1024