From 1a943373c7a1fb2e6d38ad2217fe614b40b7ec45 Mon Sep 17 00:00:00 2001
From: Dirk Lemstra <dirk@git.imagemagick.org>
Date: Sun, 1 Apr 2018 17:53:54 +0200
Subject: [PATCH] Moved call to jpeg_start_decompress to avoid allocating to
 much memory (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7255)

---
 coders/jpeg.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/coders/jpeg.c b/coders/jpeg.c
index 8d97f5e5f..3165154bb 100644
--- a/coders/jpeg.c
+++ b/coders/jpeg.c
@@ -1265,7 +1265,7 @@ static Image *ReadJPEGImage(const ImageInfo *image_info,
   if (option != (const char *) NULL)
     jpeg_info.do_fancy_upsampling=IsStringTrue(option) != MagickFalse ? TRUE :
       FALSE;
-  (void) jpeg_start_decompress(&jpeg_info);
+  jpeg_calc_output_dimensions(&jpeg_info);
   image->columns=jpeg_info.output_width;
   image->rows=jpeg_info.output_height;
   image->depth=(size_t) jpeg_info.data_precision;
@@ -1330,11 +1330,6 @@ static Image *ReadJPEGImage(const ImageInfo *image_info,
       (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Geometry: %dx%d",
         (int) jpeg_info.output_width,(int) jpeg_info.output_height);
     }
-  JPEGSetImageQuality(&jpeg_info,image);
-  JPEGSetImageSamplingFactor(&jpeg_info,image,exception);
-  (void) FormatLocaleString(value,MagickPathExtent,"%.20g",(double)
-    jpeg_info.out_color_space);
-  (void) SetImageProperty(image,"jpeg:colorspace",value,exception);
   if (image_info->ping != MagickFalse)
     {
       jpeg_destroy_decompress(&jpeg_info);
@@ -1347,6 +1342,12 @@ static Image *ReadJPEGImage(const ImageInfo *image_info,
       jpeg_destroy_decompress(&jpeg_info);
       return(DestroyImageList(image));
     }
+  (void) jpeg_start_decompress(&jpeg_info);
+  JPEGSetImageQuality(&jpeg_info,image);
+  JPEGSetImageSamplingFactor(&jpeg_info,image,exception);
+  (void) FormatLocaleString(value,MagickPathExtent,"%.20g",(double)
+    jpeg_info.out_color_space);
+  (void) SetImageProperty(image,"jpeg:colorspace",value,exception);
   if ((jpeg_info.output_components != 1) &&
       (jpeg_info.output_components != 3) && (jpeg_info.output_components != 4))
     {
-- 
2.40.0