From 1ff90822f1a0a628377eeb53b9a30e3c18d16f44 Mon Sep 17 00:00:00 2001 From: DRC Date: Tue, 1 Jan 2019 21:08:27 -0600 Subject: [PATCH] TJBench: Fix FPE when decompressing 0-width JPEG Fixes #319 --- ChangeLog.md | 4 ++++ tjbench.c | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ChangeLog.md b/ChangeLog.md index 07b8808..ebe26b6 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -18,6 +18,10 @@ using the `tjLoadImage()` function. decompress a specially-crafted malformed JPEG image to a 256-color BMP using djpeg. +4. Fixed a floating-point exception that occurred when attempting to +decompress a specially-crafted malformed JPEG image with a specified image +width or height of 0 using the C version of TJBench. + 2.0.1 ===== diff --git a/tjbench.c b/tjbench.c index 863e534..0eb41d5 100644 --- a/tjbench.c +++ b/tjbench.c @@ -1,5 +1,5 @@ /* - * Copyright (C)2009-2018 D. R. Commander. All Rights Reserved. + * Copyright (C)2009-2019 D. R. Commander. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -541,6 +541,8 @@ int decompTest(char *fileName) if (tjDecompressHeader3(handle, srcBuf, srcSize, &w, &h, &subsamp, &cs) == -1) _throwtj("executing tjDecompressHeader3()"); + if (w < 1 || h < 1) + _throw("reading JPEG header", "Invalid image dimensions"); if (cs == TJCS_YCCK || cs == TJCS_CMYK) { pf = TJPF_CMYK; ps = tjPixelSize[pf]; } -- 2.50.1