Fix several potential overflow issues identified by the community.

git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/branches/1.3.x@1114 632fc199-4ca6-4c93-a231-07263d6284db

diff --git a/jdmarker.c b/jdmarker.c
index a19219fa5b9283acbb14b53461c9793e6ce8c8a0..c8771bc0ad2ca4450a64ef8a983f9e8f79dd3380 100644 (file)
--- a/jdmarker.c
+++ b/jdmarker.c
@@ -478,14 +478,15 @@ get_dht (j_decompress_ptr cinfo)
 
     if (index & 0x10) {                /* AC table definition */
       index -= 0x10;
+      if (index < 0 || index >= NUM_HUFF_TBLS)
+        ERREXIT1(cinfo, JERR_DHT_INDEX, index);
       htblptr = &cinfo->ac_huff_tbl_ptrs[index];
     } else {                   /* DC table definition */
+      if (index < 0 || index >= NUM_HUFF_TBLS)
+        ERREXIT1(cinfo, JERR_DHT_INDEX, index);
       htblptr = &cinfo->dc_huff_tbl_ptrs[index];
     }
 
-    if (index < 0 || index >= NUM_HUFF_TBLS)
-      ERREXIT1(cinfo, JERR_DHT_INDEX, index);
-
     if (*htblptr == NULL)
       *htblptr = jpeg_alloc_huff_table((j_common_ptr) cinfo);
   

diff --git a/jdphuff.c b/jdphuff.c
index 22678099451a7f606c5cb2652940d569ba7885d5..fa97aab6a38859f1991869a6b3951ebfa4d7573d 100644 (file)
--- a/jdphuff.c
+++ b/jdphuff.c
@@ -198,6 +198,7 @@ start_pass_phuff_decoder (j_decompress_ptr cinfo)
  * On some machines, a shift and add will be faster than a table lookup.
  */
 
+#define AVOID_TABLES
 #ifdef AVOID_TABLES
 
 #define HUFF_EXTEND(x,s)  ((x) < (1<<((s)-1)) ? (x) + (((-1)<<(s)) + 1) : (x))

diff --git a/jquant2.c b/jquant2.c
index 9b060e574cd108c2b3c7fe6d4cdaa8800fb5864c..d994470570a1eea6c74a820474abf374f9ba26fe 100644 (file)
--- a/jquant2.c
+++ b/jquant2.c
@@ -513,6 +513,8 @@ compute_color (j_decompress_ptr cinfo, boxptr boxp, int icolor)
       }
     }
   
+  if (total == 0)
+    return;
   cinfo->colormap[0][icolor] = (JSAMPLE) ((c0total + (total>>1)) / total);
   cinfo->colormap[1][icolor] = (JSAMPLE) ((c1total + (total>>1)) / total);
   cinfo->colormap[2][icolor] = (JSAMPLE) ((c2total + (total>>1)) / total);