Attempt to decode corrupted or invalid images (#194)

This should be a safe option to set, given that libvips is continuously fuzzed by OSS-Fuzz.
weserv · Oct 20, 2019 · dee4ff0 · dee4ff0
1 parent e6848e1
commit dee4ff0
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 5 deletions.
diff --git a/src/api/processors/buffer.cpp b/src/api/processors/buffer.cpp
@@ -19,12 +19,13 @@ const int DEFAULT_LEVEL = 6;
 // = 71 megapixels
 const int MAX_IMAGE_SIZE = 71000000;
 
-// Halt processing and raise an error when loading invalid images.
-// Set this flag to `false` if you'd rather apply a "best effort" to decode
-// images, even if the data is corrupt or invalid.
+// Do a "best effort" to decode images, even if the data is corrupt or invalid.
+// Set this flag to `true` if you would rather to halt processing and raise an
+// error when loading invalid images.
 // See: CVE-2019-6976
 // https://blog.silentsignal.eu/2019/04/18/drop-by-drop-bleeding-through-libvips/
-const bool FAIL_ON_ERROR = true;
+// https://github.com/weserv/images/issues/194
+const bool FAIL_ON_ERROR = false;
 
 template <typename Comparator>
 int ImageBuffer::resolve_page(const std::string &buf, const std::string &loader,

diff --git a/src/api/processors/thumbnail.cpp b/src/api/processors/thumbnail.cpp
@@ -13,7 +13,7 @@ const int MAX_PAGES = 256;
 const int MAX_TARGET_SIZE = 71000000;
 
 // See `buffer.cpp`
-const bool FAIL_ON_ERROR = true;
+const bool FAIL_ON_ERROR = false;
 
 // Set to true in order to have a greater advantage of the JPEG
 // shrink-on-load feature. You can set this to false for more