]> granicus.if.org Git - libjpeg-turbo/commitdiff
projects / libjpeg-turbo / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 26f1092)
Fix jpeg_skip_scanlines() segfault w/merged upsamp
authorDarrell Walisser <darrell.walisser@gmail.com>
Sat, 16 Jun 2018 22:31:35 +0000 (18:31 -0400)
committerDRC <information@libjpeg-turbo.org>
Mon, 25 Jun 2018 00:04:19 +0000 (19:04 -0500)
Fixes NULL pointer reference when decompressing 4:2:2 or 4:2:0 JPEG
images with cinfo.do_fancy_upsampling = FALSE.

Closes #244

ChangeLog.md patch | blob | history
jdapistd.c patch | blob | history

diff --git a/ChangeLog.md b/ChangeLog.md
index f64866ed1437e39c9053b45efe718b59f8344d05..e18a2826b7b6f231c9b5d05c11effc23508b48c6 100644 (file)
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -40,6 +40,10 @@ when attempting to load the BMP file into a 4-component image buffer.
 loop when decompressing progressive JPEG images that use vertical chroma
 subsampling (for instance, 4:2:0 or 4:4:0.)
 
+6. Fixed a segfault in `jpeg_skip_scanlines()` that occurred when decompressing
+a 4:2:2 or 4:2:0 JPEG image using the merged (non-fancy) upsampling algorithms
+(that is, when setting `cinfo.do_fancy_upsampling` to `FALSE`.)
+
 
 1.5.90 (2.0 beta1)
 ==================
diff --git a/jdapistd.c b/jdapistd.c
index 50c84c3537a803a97c982cbb98aba6ac584955d7..2c808fa5640126f75b9ad095da92dee135baa4d4 100644 (file)
--- a/jdapistd.c
+++ b/jdapistd.c
@@ -318,12 +318,15 @@ read_and_discard_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
   JDIMENSION n;
   void (*color_convert) (j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
                          JDIMENSION input_row, JSAMPARRAY output_buf,
-                         int num_rows);
+                         int num_rows) = NULL;
   void (*color_quantize) (j_decompress_ptr cinfo, JSAMPARRAY input_buf,
                           JSAMPARRAY output_buf, int num_rows) = NULL;
 
-  color_convert = cinfo->cconvert->color_convert;
-  cinfo->cconvert->color_convert = noop_convert;
+  if (cinfo->cconvert && cinfo->cconvert->color_convert) {
+    color_convert = cinfo->cconvert->color_convert;
+    cinfo->cconvert->color_convert = noop_convert;
+  }
+
   if (cinfo->cquantize && cinfo->cquantize->color_quantize) {
     color_quantize = cinfo->cquantize->color_quantize;
     cinfo->cquantize->color_quantize = noop_quantize;
@@ -332,7 +335,9 @@ read_and_discard_scanlines(j_decompress_ptr cinfo, JDIMENSION num_lines)
   for (n = 0; n < num_lines; n++)
     jpeg_read_scanlines(cinfo, NULL, 1);
 
-  cinfo->cconvert->color_convert = color_convert;
+  if (color_convert)
+    cinfo->cconvert->color_convert = color_convert;
+
   if (color_quantize)
     cinfo->cquantize->color_quantize = color_quantize;
 }
Unnamed repository; edit this file 'description' to name the repository.