author | Sebastian Rasmussen <sebras@gmail.com> | 2017-09-14 11:56:12 +0200 |
---|---|---|
committer | Sebastian Rasmussen <sebras@gmail.com> | 2017-09-20 15:56:02 +0200 |
commit | b16108d018f625d19508e757a9a4d213165ad84a (patch) | |
tree | 51919d5b39056660ae5c574bbb32f7f877f7a727 /source | |
parent | 9313707d515833b05c3aecb5142f5b2ccd3ddcb3 (diff) | |
download | mupdf-b16108d018f625d19508e757a9a4d213165ad84a.tar.xz |
Initialize libjpeg state to avoid crashes upon error.
Previously, in case of error in fz_jpg_mem_init(),
jpeg_finish_decompress()/jpeg_destroy_decompress()
would be called before jpeg_create_decompress() had
initialized all state. This sometimes led to segfaults
or accessing uninitialized data.
Diffstat (limited to 'source')
-rw-r--r-- | source/fitz/filter-dct.c | 2 | ||||
-rw-r--r-- | source/fitz/load-jpeg.c | 4 |
2 files changed, 6 insertions, 0 deletions
diff --git a/source/fitz/filter-dct.c b/source/fitz/filter-dct.c
index 54ec6a98..cdec5d3f 100644
--- a/source/fitz/filter-dct.c
+++ b/source/fitz/filter-dct.c
@@ -169,6 +169,8 @@ next_dctd(fz_context *ctx, fz_stream *stm, size_t max)
 if (!state->init)
 {
 int c;
+
+ cinfo->src = NULL;
 cinfo->client_data = state;
 cinfo->err = &state->errmgr;
 jpeg_std_error(cinfo->err);
diff --git a/source/fitz/load-jpeg.c b/source/fitz/load-jpeg.c
index 0634f239..a156c84d 100644
--- a/source/fitz/load-jpeg.c
+++ b/source/fitz/load-jpeg.c
@@ -236,6 +236,8 @@ fz_load_jpeg(fz_context *ctx, unsigned char *rbuf, size_t rlen)
 fz_try(ctx)
 {
+ cinfo.mem = NULL;
+ cinfo.global_state = 0;
 cinfo.client_data = ctx;
 cinfo.err = jpeg_std_error(&err);
 err.error_exit = error_exit;
@@ -340,6 +342,8 @@ fz_load_jpeg_info(fz_context *ctx, unsigned char *rbuf, size_t rlen, int *xp, in
 fz_try(ctx)
 {
+ cinfo.mem = NULL;
+ cinfo.global_state = 0;
 cinfo.client_data = ctx;
 cinfo.err = jpeg_std_error(&err);
 err.error_exit = error_exit; |
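Review bot: The added `cinfo->src = NULL;` at the top of the `if (!state->init)` block in next_dctd has no comment, so it reads as a redundant store to anyone who has not seen the commit message. A line such as `/* cleared first: cleanup may inspect src if init fails before libjpeg sets it */` would record the reason. This hunk clears only `src`, whereas the load-jpeg.c hunks clear `mem` and `global_state`. The close routine for this filter is outside the hunk, so it is worth confirming that it does not pass the struct to libjpeg teardown when init failed part-way.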
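Review bot: In fz_load_jpeg's `fz_try` block only `cinfo.mem` and `cinfo.global_state` are given defined values, so every other field of `cinfo` is still indeterminate if an error is raised before jpeg_create_decompress() runs. The identical hunk in fz_load_jpeg_info has the same gap. The fix therefore holds only while the teardown calls read nothing beyond those two fields, which presumably depends on the libjpeg build being linked. Because this path is reached while parsing untrusted image data, zeroing the whole struct first, e.g. `memset(&cinfo, 0, sizeof cinfo);`, would be the more defensive form. If the two-field form is kept, a comment like `/* teardown may run before jpeg_create_decompress(); keep mem/global_state defined */` would help. The declaration of `cinfo` and the cleanup code lie outside both hunks.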