ryan/mozjpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Our copyright string is longer than JMSG_LENGTH_MAX, and this was causing a buffer overrun if output_message() was called with msg_code set to JMSG_COPYRIGHT, or if format_message() was called with msg_code set to JMSG_COPYRIGHT and with a buffer of length JMSG_LENGTH_MAX.

Browse Source 
We can't simply increase JMSG_LENGTH_MAX, because it is part of the libjpeg API, and it is generally assumed that a buffer of this length will be passed to format_message().  Thus, the easiest solution is simply to use a shorter copyright string for JMSG_COPYRIGHT.


git-svn-id: svn+ssh://svn.code.sf.net/p/libjpeg-turbo/code/trunk@1318 632fc199-4ca6-4c93-a231-07263d6284db
This commit is contained in:
DRC
2014-05-28 20:19:54 +00:00
parent fced14c7b4
commit cf55f0b533
3 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog.txt
View File

@@ -70,6 +70,9 @@ handle prototypes and support for the MS-DOS memory model, were removed from
the libjpeg code, greatly improving its readability and making it easier to the libjpeg code, greatly improving its readability and making it easier to
maintain and extend. maintain and extend.
[10] Fixed a segfault that occurred when calling output_message() with msg_code
set to JMSG_COPYRIGHT.
1.3.1 1.3.1
===== =====

6
jerror.h
View File

@@ -1,9 +1,11 @@
/* /*
* jerror.h * jerror.h
* *
* This file was part of the Independent JPEG Group's software:
* Copyright (C) 1994-1997, Thomas G. Lane. * Copyright (C) 1994-1997, Thomas G. Lane.
* Modified 1997-2009 by Guido Vollbeding. * Modified 1997-2009 by Guido Vollbeding.
* This file is part of the Independent JPEG Group's software. * libjpeg-turbo Modifications:
* Copyright (C) 2014, D. R. Commander.
* For conditions of distribution and use, see the accompanying README file. * For conditions of distribution and use, see the accompanying README file.
* *
* This file defines the error and message codes for the JPEG library. * This file defines the error and message codes for the JPEG library.
@@ -132,7 +134,7 @@ JMESSAGE(JERR_VIRTUAL_BUG, "Virtual array controller messed up")
JMESSAGE(JERR_WIDTH_OVERFLOW, "Image too wide for this implementation") JMESSAGE(JERR_WIDTH_OVERFLOW, "Image too wide for this implementation")
JMESSAGE(JERR_XMS_READ, "Read from XMS failed") JMESSAGE(JERR_XMS_READ, "Read from XMS failed")
JMESSAGE(JERR_XMS_WRITE, "Write to XMS failed") JMESSAGE(JERR_XMS_WRITE, "Write to XMS failed")
JMESSAGE(JMSG_COPYRIGHT, JCOPYRIGHT) JMESSAGE(JMSG_COPYRIGHT, JCOPYRIGHT_SHORT)
JMESSAGE(JMSG_VERSION, JVERSION) JMESSAGE(JMSG_VERSION, JVERSION)
JMESSAGE(JTRC_16BIT_TABLES, JMESSAGE(JTRC_16BIT_TABLES,
"Caution: quantization tables are too coarse for baseline JPEG") "Caution: quantization tables are too coarse for baseline JPEG")

2
jversion.h
View File

@@ -32,3 +32,5 @@
"Copyright (C) 2009-2011 Nokia Corporation and/or its subsidiary(-ies)\n" \ "Copyright (C) 2009-2011 Nokia Corporation and/or its subsidiary(-ies)\n" \
"Copyright (C) 2013-2014 MIPS Technologies, Inc.\n" \ "Copyright (C) 2013-2014 MIPS Technologies, Inc.\n" \
"Copyright (C) 2013 Linaro Limited" "Copyright (C) 2013 Linaro Limited"
#define JCOPYRIGHT_SHORT "Copyright (C) 1991-2014 The libjpeg-turbo Project and many others"