Even though tjDecompressToYUV2() is mostly just a wrapper for
tjDecompressToYUVPlanes(), tjDecompressToYUV2() still calls
jpeg_read_header(), so it needs to properly set up the libjpeg error
handler prior to making this call. Otherwise, under very esoteric (and
arguably incorrect) use cases, a program can call tjDecompressToYUV2()
without first checking the JPEG header using tjDecompressHeader3(), and
if the header is corrupt, tjDecompressToYUV2() will abort without
triggering an error.
Fixes #72
not security bugs, since they were confined to the cjpeg program and did not
affect any of the libjpeg-turbo libraries.
+4. Fixed an issue whereby attempting to decompress a JPEG file with a corrupt
+header using the `tjDecompressToYUV2()` function would cause the function to
+abort without returning an error. This only occurred if `tjDecompressToYUV2()`
+was called prior to calling `tjDecompressHeader3()`, or if the return value
+from `tjDecompressHeader3()` was ignored (both cases represent incorrect usage
+of the TurboJPEG API.)
+
1.4.90 (1.5 beta1)
==================
|| !isPow2(pad) || height<0)
_throw("tjDecompressToYUV2(): Invalid argument");
+ if(setjmp(this->jerr.setjmp_buffer))
+ {
+ /* If we get here, the JPEG code has signaled an error. */
+ return -1;
+ }
+
jpeg_mem_src_tj(dinfo, jpegBuf, jpegSize);
jpeg_read_header(dinfo, TRUE);
jpegSubsamp=getSubsamp(dinfo);