path: root/extra/libjpeg-turbo/cve-2013-6629.patch
Index: jdmarker.c
===================================================================
--- jdmarker.c	(revision 1088)
+++ jdmarker.c	(revision 1089)
@@ -304,7 +304,7 @@
 /* Process a SOS marker */
 {
   INT32 length;
-  int i, ci, n, c, cc;
+  int i, ci, n, c, cc, pi;
   jpeg_component_info * compptr;
   INPUT_VARS(cinfo);
 
@@ -348,6 +348,13 @@
     
     TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
 	     compptr->dc_tbl_no, compptr->ac_tbl_no);
+
+    /* This CSi (cc) should differ from the previous CSi */
+    for (pi = 0; pi < i; pi++) {
+      if (cinfo->cur_comp_info[pi] == compptr) {
+        ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
+      }
+    }
   }
 
   /* Collect the additional scan parameters Ss, Se, Ah/Al. */
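Review bot: The comment on the new loop says "the previous CSi", which reads as if only the immediately preceding selector were compared, while the loop walks every earlier entry `cur_comp_info[0..i-1]`; it also does not say why a repeat must be rejected. I would word it as `/* Each CSi in a scan must be unique: reject a component already selected earlier in this SOS */`. The check is placed after the TRACEMS3 call, so a duplicate is traced (and, presumably, its table selectors on compptr are already stored) before it is refused; that is harmless only as long as ERREXIT1 never returns into this loop, which is worth one short remark. The enclosing function starts and ends outside the hunk.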
@@ -465,6 +472,8 @@
     for (i = 0; i < count; i++)
       INPUT_BYTE(cinfo, huffval[i], return FALSE);
 
+    MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
+
     length -= count;
 
     if (index & 0x10) {		/* AC table definition */
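Review bot: The length `(256 - count) * SIZEOF(UINT8)` is only valid if count has already been limited to at most 256, and that bound is not visible in this hunk; if count is a signed int and could ever exceed 256 here, the difference goes negative and converts to a very large size. A comment next to the call should state both the precondition and the purpose, for example `/* count <= 256 was verified above; clear the unused tail so no uninitialized bytes are carried into the table */`. The literal 256 presumably repeats the declared size of huffval, so deriving it from the array, `MEMZERO(&huffval[count], SIZEOF(huffval) - count * SIZEOF(UINT8));`, would keep the two in step. The enclosing function starts and ends outside the hunk.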