ryan/mozjpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TurboJPEG: Avoid dangling pointers

Browse Source 
This addresses a minor concern (LJT-01-002) expressed in a security
audit by Cure53.  _tjInitCompress() and _tjInitDecompress() call
(respectively) jpeg_mem_dest_tj() and jpeg_mem_src_tj() with a pointer
to a dummy buffer, in order to set up the destination/source manager.
The dummy buffer should never be used, but it's still better to make it
static so that the pointer in the destination/source manager always
points to a valid region of memory.
This commit is contained in:
DRC
2016-02-04 09:20:41 -06:00
parent cbfa696fc1
commit 6e053525ee
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
turbojpeg.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C)2009-2015 D. R. Commander. All Rights Reserved.
* Copyright (C)2009-2016 D. R. Commander. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
@@ -556,7 +556,8 @@ DLLEXPORT unsigned char *DLLCALL tjAlloc(int bytes)
static tjhandle _tjInitCompress(tjinstance *this)
{
unsigned char buffer[1], *buf=buffer; unsigned long size=1;
static unsigned char buffer[1];
unsigned char *buf=buffer; unsigned long size=1;
/* This is also straight out of example.c */
this->cinfo.err=jpeg_std_error(&this->jerr.pub);
@@ -1213,7 +1214,7 @@ DLLEXPORT int DLLCALL tjCompressFromYUV(tjhandle handle, unsigned char *srcBuf,
static tjhandle _tjInitDecompress(tjinstance *this)
{
unsigned char buffer[1];
static unsigned char buffer[1];
/* This is also straight out of example.c */
this->dinfo.err=jpeg_std_error(&this->jerr.pub);