41 lines
1.1 KiB
Diff
41 lines
1.1 KiB
Diff
|
Thanks to the sources below; this patch discovered via Gentoo.
|
||
|
|
||
|
http://bugzilla.redhat.com/show_bug.cgi?id=1031734
|
||
|
http://bugzilla.redhat.com/show_bug.cgi?id=1031749
|
||
|
http://sourceforge.net/p/libjpeg-turbo/code/1090/
|
||
|
|
||
|
--- libjpeg-turbo-1.3.0/jdmarker.c
|
||
|
+++ libjpeg-turbo-1.3.0/jdmarker.c
|
||
|
@@ -304,7 +304,7 @@
|
||
|
/* Process a SOS marker */
|
||
|
{
|
||
|
INT32 length;
|
||
|
- int i, ci, n, c, cc;
|
||
|
+ int i, ci, n, c, cc, pi;
|
||
|
jpeg_component_info * compptr;
|
||
|
INPUT_VARS(cinfo);
|
||
|
|
||
|
@@ -348,6 +348,13 @@
|
||
|
|
||
|
TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
|
||
|
compptr->dc_tbl_no, compptr->ac_tbl_no);
|
||
|
+
|
||
|
+ /* This CSi (cc) should differ from the previous CSi */
|
||
|
+ for (pi = 0; pi < i; pi++) {
|
||
|
+ if (cinfo->cur_comp_info[pi] == compptr) {
|
||
|
+ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
|
||
|
+ }
|
||
|
+ }
|
||
|
}
|
||
|
|
||
|
/* Collect the additional scan parameters Ss, Se, Ah/Al. */
|
||
|
@@ -465,6 +472,8 @@
|
||
|
for (i = 0; i < count; i++)
|
||
|
INPUT_BYTE(cinfo, huffval[i], return FALSE);
|
||
|
|
||
|
+ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
|
||
|
+
|
||
|
length -= count;
|
||
|
|
||
|
if (index & 0x10) { /* AC table definition */
|