https://bugzilla.redhat.com/show_bug.cgi?id=1031749
--- Comment #11 from Huzaifa S. Sidhpurwala <huzai...@redhat.com> ---
(In reply to Vincent Danen from comment #0)
> Interestingly, the report at [2] indicates that libjpeg does not appear to
> be affected and indicates that a "simple fix for this is to locate get_dht
> in jdmarker.c and make sure that the huffval[] table is zeroed before use"
> however looking at a diff (see below) of jdmarker.c in libjpeg vs
> libjpeg-turbo doesn't seem to back that up (as a result this needs to be
> checked a little more closely as this zeroing of the huffval[] table does
> look applicable to libjpeg as well).
>
This issue does not affect libjpeg because there is already a check in
jpeg_huff_decode():
From jdhuff.c:
425 /* With garbage input we may reach the sentinel value l = 17. */
426
427 if (l > 16) {
428 WARNMS(state->cinfo, JWRN_HUFF_BAD_CODE);
429 return 0; /* fake a zero as the safest result */
430 }
431
432 return htbl->pub->huffval[ (int) (code + htbl->valoffset[l]) ];
433 }
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=QW9Sgm7qny&a=cc_unsubscribe
_______________________________________________
mingw mailing list
mingw@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/mingw
