From 07c1e5ec408b792b3f9d3240a2eed4338eed428e Mon Sep 17 00:00:00 2001 From: Adam Tkac Date: Wed, 4 Aug 2010 10:53:27 +0200 Subject: [PATCH] Fix huffman decoder to handle broken JPEGs well (#617469) --- libjpeg-turbo.spec | 9 +++++- libjpeg-turbo10-rh617469.patch | 58 ++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 libjpeg-turbo10-rh617469.patch diff --git a/libjpeg-turbo.spec b/libjpeg-turbo.spec index ff1f1e5..2d3eb5e 100644 --- a/libjpeg-turbo.spec +++ b/libjpeg-turbo.spec @@ -1,6 +1,6 @@ Name: libjpeg-turbo Version: 1.0.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A MMX/SSE2 accelerated library for manipulating JPEG image files Group: System Environment/Libraries @@ -21,6 +21,8 @@ Obsoletes: libjpeg < 6b-47 # java-1.6.0-openjdk (#rh607554) -- atkac Provides: libjpeg = 6b-47 +Patch0: libjpeg-turbo10-rh617469.patch + %description The libjpeg-turbo package contains a library of functions for manipulating JPEG images @@ -57,6 +59,8 @@ text comments into a JPEG file. %prep %setup -q +%patch0 -p0 -b .rh617469 + %build autoreconf -fiv @@ -114,6 +118,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man1/wrjpgcom.1* %changelog +* Wed Aug 04 2010 Adam Tkac 1.0.0-3 +- fix huffman decoder to handle broken JPEGs well (#617469) + * Fri Jul 02 2010 Adam Tkac 1.0.0-2 - add libjpeg-devel%%{_isa} provides to -devel subpkg to satisfy imlib-devel deps diff --git a/libjpeg-turbo10-rh617469.patch b/libjpeg-turbo10-rh617469.patch new file mode 100644 index 0000000..c63b3e7 --- /dev/null +++ b/libjpeg-turbo10-rh617469.patch 
@@ -0,0 +1,58 @@
+Index: jdhuff.c
+===================================================================
+--- jdhuff.c (revision 220)
++++ jdhuff.c (revision 221)
+@@ -16,7 +16,7 @@
+
+ /* Modifications:
+ * Copyright (C)2007 Sun Microsystems, Inc.
+- * Copyright (C)2009 D. R. Commander
++ * Copyright (C)2009-2010 D. R. Commander
+ *
+ * This library is free software and may be redistributed and/or modified under
+ * the terms of the wxWindows Library License, Version 3.1 or (at your option)
+@@ -240,6 +240,7 @@
+ dtbl->maxcode[l] = -1; /* -1 if no codes of this length */
+ }
+ }
++ dtbl->valoffset[17] = 0;
+ dtbl->maxcode[17] = 0xFFFFFL; /* ensures jpeg_huff_decode terminates */
+
+ /* Compute lookahead tables to speed up decoding.
+Index: jdhuff.h
+===================================================================
+--- jdhuff.h (revision 220)
++++ jdhuff.h (revision 221)
+@@ -2,6 +2,7 @@
+ * jdhuff.h
+ *
+ * Copyright (C) 1991-1997, Thomas G. Lane.
++ * Copyright (C) 2010, D. R. Commander.
+ * This file is part of the Independent JPEG Group's software.
+ * For conditions of distribution and use, see the accompanying README file.
+ *
+@@ -27,7 +28,7 @@
+ /* Basic tables: (element [0] of each array is unused) */
+ INT32 maxcode[18]; /* largest code of length k (-1 if none) */
+ /* (maxcode[17] is a sentinel to ensure jpeg_huff_decode terminates) */
+- INT32 valoffset[17]; /* huffval[] offset for codes of length k */
++ INT32 valoffset[18]; /* huffval[] offset for codes of length k */
+ /* valoffset[k] = huffval[] index of 1st symbol of code length k, less
+ * the smallest code of length k; so given a code of length k, the
+ * corresponding symbol is huffval[code + valoffset[k]]
+Index: ChangeLog.txt
+===================================================================
+--- ChangeLog.txt (revision 220)
++++ ChangeLog.txt (revision 221)
+@@ -1,3 +1,11 @@
++Significant changes since 1.0.0
++===============================
++
++[1] The Huffman decoder will now handle erroneous Huffman codes (for instance,
++from a corrupt JPEG image.) Previously, these would cause libjpeg-turbo to
++crash under certain circumstances.
++
++
+ Significant changes since 0.0.93
+ ================================
+
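Review bot: The added `dtbl->valoffset[17] = 0;` in the embedded jdhuff.c hunk gives the sentinel length a defined offset, but nothing in this patch bounds the index that results from it. Per the jdhuff.h comment the symbol is `huffval[code + valoffset[k]]`, and with `maxcode[17] = 0xFFFFFL` a corrupt stream can presumably reach k = 17 with a code much larger than the symbol table. The decode site is not part of this patch, so it should be confirmed that it rejects code lengths above 16 or limits the index before the lookup; otherwise the out-of-range read may only have moved from `valoffset[]` to `huffval[]`. The new assignment also has no comment, unlike the line after it; something like `/* sentinel length: keep huffval[] offset defined when a bad code runs past 16 bits */` would record why slot 17 exists. The enclosing table-building function starts and ends outside the hunk.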