Fix data corruption issues when decompressing large JPEG images and/or using buffered I/O. Specifically, decode_mcu_fast() can potentially process more than 1 MCU, so make sure there is enough space in the buffer to accommodate this case. Otherwise, the buffer pointer goes negative, and bad mojo ensues. Also, the fast decoder's method of handling unread markers doesn't make libjpeg's restart handler happy, so disable fast decode when restarts are used.
This commit is contained in:
DRC
3
jdhuff.c
3
jdhuff.c
@@ -778,7 +778,8 @@ decode_mcu (j_decompress_ptr cinfo, JBLOCKROW *MCU_data)
|
|||||||
*/
|
*/
|
||||||
if (! entropy->pub.insufficient_data) {
|
if (! entropy->pub.insufficient_data) {
|
||||||
|
|
||||||
if (cinfo->src->bytes_in_buffer >= BUFSIZE) {
|
if (cinfo->src->bytes_in_buffer >= BUFSIZE * cinfo->blocks_in_MCU
|
||||||
|
&& !cinfo->restart_interval) {
|
||||||
if (!decode_mcu_fast(cinfo, MCU_data)) return FALSE;
|
if (!decode_mcu_fast(cinfo, MCU_data)) return FALSE;
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|||||||
Reference in New Issue
Block a user