LibGfx/JPEG: Refill reservoir if necessary when discarding bits

This condition was hit 157 times out of the 109,233 JPEG images in the Govdocs1 corpus. This change allows all of these images to load correctly.
2024-07-23 02:55:15 +00:00 · 2023-11-03 20:29:31 +00:00 · 2023-11-03 20:29:31 +00:00 · 438e9e146c
parent 4c5d48f861
commit 438e9e146c
3 changed files with 4 additions and 6 deletions
--- a/Tests/LibGfx/TestImageDecoder.cpp
+++ b/Tests/LibGfx/TestImageDecoder.cpp
@ -270,7 +270,8 @@ TEST_CASE(test_jpeg_malformed_header)
 TEST_CASE(test_jpeg_malformed_frame)
 {
    Array test_inputs = {
-        TEST_INPUT("jpg/oss-fuzz-testcase-62584.jpg"sv)
+        TEST_INPUT("jpg/oss-fuzz-testcase-62584.jpg"sv),
+        TEST_INPUT("jpg/oss-fuzz-testcase-63815.jpg"sv)
    };

    for (auto test_input : test_inputs) {
--- a/Tests/LibGfx/test-inputs/jpg/oss-fuzz-testcase-63815.jpg
+++ b/Tests/LibGfx/test-inputs/jpg/oss-fuzz-testcase-63815.jpg
--- a/Userland/Libraries/LibGfx/ImageFormats/JPEGLoader.cpp
+++ b/Userland/Libraries/LibGfx/ImageFormats/JPEGLoader.cpp
@ -296,11 +296,8 @@ public:
    {
        m_bit_offset += count;

-        if (m_bit_offset > bits_in_reservoir) {
-            // FIXME: I can't find a test case for that so let's leave it for later
-            //        instead of inserting an hard-to-find bug.
-            TODO();
-        }
+        if (m_bit_offset > bits_in_reservoir)
+            TRY(refill_reservoir());

        return {};
    }