Fix jpeg_skip_scanlines() segfault w/merged upsamp
The additional segfault mentioned in #244 was due to the fact that
the merged upsamplers use a different private structure than the
non-merged upsamplers. jpeg_skip_scanlines() was assuming the latter, so
when merged upsampling was enabled, jpeg_skip_scanlines() clobbered one
of the IDCT method pointers in the merged upsampler's private structure.
For reasons unknown, the test image in #441 did not encounter this
segfault (too small?), but it encountered an issue similar to the one
fixed in 5bc43c7821, whereby it was
necessary to set up a dummy postprocessing function in
read_and_discard_scanlines() when merged upsampling was enabled.
Failing to do so caused either a segfault in merged_2v_upsample() (due
to a NULL pointer being passed to jcopy_sample_rows()) or an error
("Corrupt JPEG data: premature end of data segment"), depending on the
number of scanlines skipped and whether the first scanline skipped was
an odd- or even-numbered row.
Fixes #441
Fixes #244 (for real this time)
This commit is contained in:
DRC
47
jdmerge.h
Normal file
47
jdmerge.h
Normal file
@@ -0,0 +1,47 @@
|
||||
/*
|
||||
* jdmerge.h
|
||||
*
|
||||
* This file was part of the Independent JPEG Group's software:
|
||||
* Copyright (C) 1994-1996, Thomas G. Lane.
|
||||
* libjpeg-turbo Modifications:
|
||||
* Copyright (C) 2020, D. R. Commander.
|
||||
* For conditions of distribution and use, see the accompanying README.ijg
|
||||
* file.
|
||||
*/
|
||||
|
||||
#define JPEG_INTERNALS
|
||||
#include "jpeglib.h"
|
||||
|
||||
#ifdef UPSAMPLE_MERGING_SUPPORTED
|
||||
|
||||
|
||||
/* Private subobject */
|
||||
|
||||
typedef struct {
|
||||
struct jpeg_upsampler pub; /* public fields */
|
||||
|
||||
/* Pointer to routine to do actual upsampling/conversion of one row group */
|
||||
void (*upmethod) (j_decompress_ptr cinfo, JSAMPIMAGE input_buf,
|
||||
JDIMENSION in_row_group_ctr, JSAMPARRAY output_buf);
|
||||
|
||||
/* Private state for YCC->RGB conversion */
|
||||
int *Cr_r_tab; /* => table for Cr to R conversion */
|
||||
int *Cb_b_tab; /* => table for Cb to B conversion */
|
||||
JLONG *Cr_g_tab; /* => table for Cr to G conversion */
|
||||
JLONG *Cb_g_tab; /* => table for Cb to G conversion */
|
||||
|
||||
/* For 2:1 vertical sampling, we produce two output rows at a time.
|
||||
* We need a "spare" row buffer to hold the second output row if the
|
||||
* application provides just a one-row buffer; we also use the spare
|
||||
* to discard the dummy last row if the image height is odd.
|
||||
*/
|
||||
JSAMPROW spare_row;
|
||||
boolean spare_full; /* T if spare buffer is occupied */
|
||||
|
||||
JDIMENSION out_row_width; /* samples per output row */
|
||||
JDIMENSION rows_to_go; /* counts rows remaining in image */
|
||||
} my_merged_upsampler;
|
||||
|
||||
typedef my_merged_upsampler *my_merged_upsample_ptr;
|
||||
|
||||
#endif /* UPSAMPLE_MERGING_SUPPORTED */
|
||||
Reference in New Issue
Block a user