diff options
| author | Tor Andersson <tor@ghostscript.com> | 2010-08-07 13:00:05 +0000 |
|---|---|---|
| committer | Tor Andersson <tor@ghostscript.com> | 2010-08-07 13:00:05 +0000 |
| commit | 17dbea62bfa74f0c64cda9a887bc1625988571f4 (patch) | |
| tree | 064daa38e8b500f76c6b4b37ce75b5236e2a98b3 /fitz/filt_dctd.c | |
| parent | 3c9b82326deb9a6415d7b8ecbd52aef9c625a341 (diff) | |
| download | mupdf-17dbea62bfa74f0c64cda9a887bc1625988571f4.tar.xz | |
Fix buffer juggling bugs in DCT decode filter.
Diffstat (limited to 'fitz/filt_dctd.c')
| -rw-r--r-- | fitz/filt_dctd.c | 20 |
1 files changed, 9 insertions, 11 deletions
diff --git a/fitz/filt_dctd.c b/fitz/filt_dctd.c index 9c2b3fe4..74e7bc40 100644 --- a/fitz/filt_dctd.c +++ b/fitz/filt_dctd.c @@ -24,8 +24,6 @@ static void error_exit(j_common_ptr cinfo) { fz_dctd *state = cinfo->client_data; cinfo->err->format_message(cinfo, state->msg); - if (state->cinfo.src) - state->chain->rp = state->chain->wp - state->cinfo.src->bytes_in_buffer; longjmp(state->jb, 1); } @@ -45,12 +43,10 @@ static boolean fill_input_buffer(j_decompress_ptr cinfo) fz_dctd *state = cinfo->client_data; fz_stream *chain = state->chain; - if (chain->rp == chain->wp) - fz_fillbuffer(chain); - + chain->rp = chain->wp; + fz_fillbuffer(chain); src->next_input_byte = chain->rp; src->bytes_in_buffer = chain->wp - chain->rp; - chain->rp = chain->wp; if (src->bytes_in_buffer == 0) { @@ -87,7 +83,11 @@ readdctd(fz_stream *stm, unsigned char *buf, int len) unsigned char *ep = buf + len; if (setjmp(state->jb)) + { + if (cinfo->src) + state->chain->rp = state->chain->wp - cinfo->src->bytes_in_buffer; return fz_throw("jpeg error: %s", state->msg); + } if (!state->init) { @@ -104,7 +104,7 @@ readdctd(fz_stream *stm, unsigned char *buf, int len) cinfo->src->resync_to_restart = jpeg_resync_to_restart; cinfo->src->term_source = term_source; cinfo->src->next_input_byte = state->chain->rp; - cinfo->src->bytes_in_buffer = 0; + cinfo->src->bytes_in_buffer = state->chain->wp - state->chain->rp; jpeg_read_header(cinfo, 1); @@ -175,7 +175,6 @@ readdctd(fz_stream *stm, unsigned char *buf, int len) *p++ = *state->rp++; } - state->chain->rp = state->chain->wp - cinfo->src->bytes_in_buffer; return p - buf; } @@ -184,10 +183,8 @@ closedctd(fz_stream *stm) { fz_dctd *state = stm->state; if (state->init) - { jpeg_finish_decompress(&state->cinfo); - state->chain->rp = state->chain->wp - state->cinfo.src->bytes_in_buffer; - } + state->chain->rp = state->chain->wp - state->cinfo.src->bytes_in_buffer; jpeg_destroy_decompress(&state->cinfo); fz_free(state->scanline); fz_close(state->chain); @@ -201,6 +198,7 @@ fz_opendctd(fz_stream *chain, fz_obj *params) fz_obj *obj; state = fz_malloc(sizeof(fz_dctd)); + memset(state, 0, sizeof(fz_dctd)); state->chain = chain; state->colortransform = -1; /* unset */ state->init = 0; |