AddressSanitizer: fix allocating too big buffers (libjpeg-turbo)

src/pxUtil.cpp

@@ -87,8 +87,8 @@ rtError pxLoadAImage(const char* imageData, size_t imageDataSize,
     s.init();
     s.addBuffer(o,0);
   }
-  
-  return retVal;  
+
+  return retVal;
 }
 
 
@@ -359,7 +359,7 @@ rtError pxStorePNGImage(const char *filename, pxOffscreen &b, bool /*grayscale*/
  * conjunction with the documentation file libjpeg.txt.
  *
  * This code will not do anything useful as-is, but it may be helpful as a
- * skeleton for constructing routines that call the JPEG library.  
+ * skeleton for constructing routines that call the JPEG library.
  *
  * We present these routines in the same coding style used in the JPEG code
  * (ANSI function definitions, etc); but you are of course free to code your
@@ -708,8 +708,23 @@ rtError pxLoadJPGImageTurbo(const char *buf, size_t buflen, pxOffscreen &o)
     return RT_FAIL;// TODO : add grayscale support for libjpeg turbo.  falling back to libjpeg for now
   }
 
+  // limit memory usage to resolution 4096x4096
+  if (((size_t)width * height) > ((size_t)4096 * 4096))
+  {
+    rtLogError("Error libjpeg-turbo: image too large");
+    tjDestroy(jpegDecompressor);
+    return RT_FAIL;
+  }
+
   unsigned char *imageBuffer = tjAlloc(width * height * 3);
 
+  if (!imageBuffer)
+  {
+    rtLogError("Error allocating libjpeg-turbo buffer");
+    tjDestroy(jpegDecompressor);
+    return RT_FAIL;
+  }
+
   int result = tjDecompress2(jpegDecompressor, (unsigned char *)buf, buflen, imageBuffer, width, 0, height, TJPF_RGB /*(colorComponent == 3) ? TJPF_RGB : jpegColorspace*/, TJFLAG_FASTDCT);
 
   if (result != 0)
@@ -1151,9 +1166,9 @@ rtError pxLoadAPNGImage(const char *imageData, size_t imageDataSize,
 
   //unsigned int width, height, channels, rowbytes, size, i, j;
   unsigned int width, height, i, j;
-  
+
   unsigned long size, rowbytes;
-  
+
   png_bytepp rows_image;
   png_bytepp rows_frame;
   unsigned char *p_image;