From: DRC Date: Wed, 2 Jan 2019 03:08:27 +0000 (-0600) Subject: TJBench: Fix FPE when decompressing 0-width JPEG X-Git-Tag: 2.0.2~17 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1ff90822f1a0a628377eeb53b9a30e3c18d16f44;p=libjpeg-turbo TJBench: Fix FPE when decompressing 0-width JPEG Fixes #319 --- diff --git a/ChangeLog.md b/ChangeLog.md index 07b8808..ebe26b6 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -18,6 +18,10 @@ using the `tjLoadImage()` function. decompress a specially-crafted malformed JPEG image to a 256-color BMP using djpeg. +4. Fixed a floating-point exception that occurred when attempting to +decompress a specially-crafted malformed JPEG image with a specified image +width or height of 0 using the C version of TJBench. + 2.0.1 ===== diff --git a/tjbench.c b/tjbench.c index 863e534..0eb41d5 100644 --- a/tjbench.c +++ b/tjbench.c @@ -1,5 +1,5 @@ /* - * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved. + * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -541,6 +541,8 @@ int decompTest(char *fileName) if (tjDecompressHeader3(handle, srcBuf, srcSize, &w, &h, &subsamp, &cs) == -1) _throwtj("executing tjDecompressHeader3()"); + if (w < 1 || h < 1) + _throw("reading JPEG header", "Invalid image dimensions"); if (cs == TJCS_YCCK || cs == TJCS_CMYK) { pf = TJPF_CMYK; ps = tjPixelSize[pf]; }
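Review bot: In the tjbench.c hunk at `decompTest()`, the new `if (w < 1 || h < 1)` guard lives in the benchmark caller, so it protects only this one consumer of `tjDecompressHeader3()`. Nothing in the visible lines makes the header call itself reject such dimensions, so any other caller that goes on to use `w` or `h` would need the same validation. A short comment above the check naming the later computation it protects would help, as would a note on whether callers of the header function are expected to validate the returned dimensions themselves. The patch also touches only ChangeLog.md and tjbench.c, so no regression test accompanies the fix; a test-suite case that feeds TJBench a header with a zero dimension and expects the "Invalid image dimensions" error would keep the crash from coming back.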
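Review bot: In the ChangeLog.md hunk, entry 4 scopes the fix to "the C version of TJBench", and the diff changes only tjbench.c. If the wording implies another TJBench implementation, the entry or the commit message should say whether that one was checked against the same input. The commit subject also says "0-width JPEG" while the entry and the code check cover height as well; aligning the subject with the entry ("0-width or 0-height") would make the log easier to search later.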