Fix jpeg_skip_scanlines() segfault w/merged upsamp

author Darrell Walisser <darrell.walisser@gmail.com>

Sat, 16 Jun 2018 22:31:35 +0000 (18:31 -0400)

committer DRC <information@libjpeg-turbo.org>

Mon, 25 Jun 2018 00:03:10 +0000 (19:03 -0500)
author Darrell Walisser <darrell.walisser@gmail.com>
Sat, 16 Jun 2018 22:31:35 +0000 (18:31 -0400)
committer DRC <information@libjpeg-turbo.org>
Mon, 25 Jun 2018 00:03:10 +0000 (19:03 -0500)
diff --git a/ChangeLog.md b/ChangeLog.md

index f762efb3e8a6ff47122e9b645cf1c94bfaeb29d0..0e95df4f92db6e45ac75455c1bc8a09ce04793a2 100644 (file)
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -43,6 +43,10 @@ threat.
  loop when decompressing progressive JPEG images that use vertical chroma
  subsampling (for instance, 4:2:0 or 4:4:0.)
  
+7. Fixed a segfault in `jpeg_skip_scanlines()` that occurred when decompressing
+a 4:2:2 or 4:2:0 JPEG image using the merged (non-fancy) upsampling algorithms
+(that is, when setting `cinfo.do_fancy_upsampling` to `FALSE`.)
+
  
  1.5.3
  =====
diff --git a/jdapistd.c b/jdapistd.c

index eb6808b6f24adc7ffe3280d824ae67d1cfd772a4..9702e4b316c1adbf246e424a63d937fc7147aa6f 100644 (file)
--- a/jdapistd.c
+++ b/jdapistd.c
@@ -320,12 +320,15 @@ read_and_discard_scanlines (j_decompress_ptr cinfo, JDIMENSION num_lines)
    JDIMENSION n;
    void (*color_convert) (j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
                           JDIMENSION input_row, JSAMPARRAY output_buf,
-                         int num_rows);
+                         int num_rows) = NULL;
    void (*color_quantize) (j_decompress_ptr cinfo, JSAMPARRAY input_buf,
                            JSAMPARRAY output_buf, int num_rows) = NULL;
  
-  color_convert = cinfo->cconvert->color_convert;
-  cinfo->cconvert->color_convert = noop_convert;
+  if (cinfo->cconvert && cinfo->cconvert->color_convert) {
+    color_convert = cinfo->cconvert->color_convert;
+    cinfo->cconvert->color_convert = noop_convert;
+  }
+
    if (cinfo->cquantize && cinfo->cquantize->color_quantize) {
      color_quantize = cinfo->cquantize->color_quantize;
      cinfo->cquantize->color_quantize = noop_quantize;
@@ -334,7 +337,9 @@ read_and_discard_scanlines (j_decompress_ptr cinfo, JDIMENSION num_lines)
    for (n = 0; n < num_lines; n++)
      jpeg_read_scanlines(cinfo, NULL, 1);
  
-  cinfo->cconvert->color_convert = color_convert;
+  if (color_convert)
+    cinfo->cconvert->color_convert = color_convert;
+
    if (color_quantize)
      cinfo->cquantize->color_quantize = color_quantize;
  }
author	Darrell Walisser <darrell.walisser@gmail.com>
	Sat, 16 Jun 2018 22:31:35 +0000 (18:31 -0400)
committer	DRC <information@libjpeg-turbo.org>
	Mon, 25 Jun 2018 00:03:10 +0000 (19:03 -0500)
ChangeLog.md		patch \| blob \| history
jdapistd.c		patch \| blob \| history