JXL: Fix missing checks for BOXES when parsing animation

Fix error when parsing something like: ``` JXL_DEC_BOX JXL_DEC_BOX JXL_DEC_BOX JXL_DEC_BASIC_INFO JXL_DEC_COLOR_ENCODING JXL_DEC_BOX JXL_DEC_BOX JXL_DEC_FRAME JXL_DEC_BOX JXL_DEC_FRAME ``` CCBUG: 496350
2025-05-28 00:30:23 -04:00 · 2025-01-04 06:46:41 +00:00 · 2025-01-04 06:46:41 +00:00 · e6a0f8758b
commit e6a0f8758b
parent 5c0c7e4fd7
4 changed files with 29 additions and 10 deletions
--- a/autotests/read/jxl/bug_496350.jxl
+++ b/autotests/read/jxl/bug_496350.jxl
--- a/autotests/read/jxl/bug_496350.png
+++ b/autotests/read/jxl/bug_496350.png
--- a/src/imageformats/jxl.cpp
+++ b/src/imageformats/jxl.cpp
@ -382,6 +382,11 @@ bool QJpegXLHandler::countALLFrames()
                case JXL_DEC_NEED_MORE_INPUT:
                    qWarning("ERROR: JXL data incomplete");
                    break;
+                case JXL_DEC_BOX:
+                    if (!decodeBox(status)) {
+                        qWarning("ERROR: JXL BOX decoding failed");
+                    }
+                    continue;
                default:
                    qWarning("Unexpected event %d instead of JXL_DEC_FRAME", status);
                    break;
@ -1214,16 +1219,8 @@ bool QJpegXLHandler::decodeBoxes(JxlDecoderStatus &status)
 {
    do { // decode metadata
        status = JxlDecoderProcessInput(m_decoder);
-        if (status == JXL_DEC_BOX) {
-            JxlBoxType type;
-            JxlDecoderGetBoxType(m_decoder, type, JXL_FALSE);
-            if (memcmp(type, "xml ", 4) == 0) {
-                uint64_t size;
-                if (JxlDecoderGetBoxSizeRaw(m_decoder, &size) == JXL_DEC_SUCCESS && size < uint64_t(kMaxQVectorSize)) {
-                    m_xmp = QByteArray(size, '\0');
-                    JxlDecoderSetBoxBuffer(m_decoder, reinterpret_cast<uint8_t *>(m_xmp.data()), m_xmp.size());
-                }
-            }
+        if (!decodeBox(status)) {
+            qWarning("ERROR: JXL BOX decoding failed");
        }
    } while (status == JXL_DEC_BOX);

@ -1240,6 +1237,27 @@ bool QJpegXLHandler::decodeBoxes(JxlDecoderStatus &status)
    return true;
 }

+bool QJpegXLHandler::decodeBox(const JxlDecoderStatus &status)
+{
+    if (status != JXL_DEC_BOX) {
+        return true;
+    }
+
+    JxlBoxType type;
+    JxlDecoderGetBoxType(m_decoder, type, JXL_FALSE);
+    if (memcmp(type, "xml ", 4) == 0) {
+        uint64_t size;
+        if (JxlDecoderGetBoxSizeRaw(m_decoder, &size) == JXL_DEC_SUCCESS && size < uint64_t(kMaxQVectorSize)) {
+            m_xmp = QByteArray(size, '\0');
+            JxlDecoderSetBoxBuffer(m_decoder, reinterpret_cast<uint8_t *>(m_xmp.data()), m_xmp.size());
+            return true;
+        }
+        return false;
+    }
+
+    return true;
+}
+
 QImageIOPlugin::Capabilities QJpegXLPlugin::capabilities(QIODevice *device, const QByteArray &format) const
 {
    if (format == "jxl") {
--- a/src/imageformats/jxl_p.h
+++ b/src/imageformats/jxl_p.h
@ -52,6 +52,7 @@ private:
    bool decode_one_frame();
    bool rewind();
    bool decodeBoxes(JxlDecoderStatus &status);
+    bool decodeBox(const JxlDecoderStatus &status);

    enum ParseJpegXLState {
        ParseJpegXLError = -1,