From: DRC Date: Wed, 30 Oct 2013 22:21:06 +0000 (+0000) Subject: Fix a really subtle issue whereby an invalid free() could occur if a program called... X-Git-Tag: 1.3.90~186 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e2f8e694d0d1ec333c18d803cf0ba083e9feb1c0;p=libjpeg-turbo Fix a really subtle issue whereby an invalid free() could occur if a program called tjInitDecompress() and then accidentally passed the handle to tjEncodeYUV3(), or if a program called tjInitCompress() and then accidentally passed the handle to tjDecompressToYUV2(). git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/trunk@1065 632fc199-4ca6-4c93-a231-07263d6284db --- diff --git a/turbojpeg.c b/turbojpeg.c index b0acc55..8dcc3b7 100644 --- a/turbojpeg.c +++ b/turbojpeg.c @@ -710,16 +710,16 @@ DLLEXPORT int DLLCALL tjEncodeYUV3(tjhandle handle, unsigned char *srcBuf, unsigned char *rgbBuf=NULL; #endif - getinstance(handle); - if((this->init&COMPRESS)==0) - _throw("tjEncodeYUV3(): Instance has not been initialized for compression"); - for(i=0; iinit&COMPRESS)==0) + _throw("tjEncodeYUV3(): Instance has not been initialized for compression"); + if(srcBuf==NULL || width<=0 || pitch<0 || height<=0 || pixelFormat<0 || pixelFormat>=TJ_NUMPF || dstBuf==NULL || pad<0 || !isPow2(pad) || subsamp<0 || subsamp>=NUMSUBOPT) @@ -1105,15 +1105,15 @@ DLLEXPORT int DLLCALL tjDecompressToYUV2(tjhandle handle, JSAMPLE *_tmpbuf=NULL, *ptr=dstBuf; JSAMPROW *tmpbuf[MAX_COMPONENTS]; int dctsize; - getinstance(handle); - if((this->init&DECOMPRESS)==0) - _throw("tjDecompressToYUV2(): Instance has not been initialized for decompression"); - for(i=0; iinit&DECOMPRESS)==0) + _throw("tjDecompressToYUV2(): Instance has not been initialized for decompression"); + if(jpegBuf==NULL || jpegSize<=0 || dstBuf==NULL || width<0 || pad<1 || !isPow2(pad) || height<0) _throw("tjDecompressToYUV2(): Invalid argument");