1diff -Npur libjpeg-turbo-2.0.4/ChangeLog.md libjpeg-turbo-2.0.4-new/ChangeLog.md
2--- libjpeg-turbo-2.0.4/ChangeLog.md	2019-12-31 15:10:30.000000000 +0800
3+++ libjpeg-turbo-2.0.4-new/ChangeLog.md	2020-07-29 19:12:06.259357156 +0800
4@@ -562,10 +562,10 @@ application was linked against.
5
6 3. Fixed a couple of issues in the PPM reader that would cause buffer overruns
7 in cjpeg if one of the values in a binary PPM/PGM input file exceeded the
8-maximum value defined in the file's header.  libjpeg-turbo 1.4.2 already
9-included a similar fix for ASCII PPM/PGM files.  Note that these issues were
10-not security bugs, since they were confined to the cjpeg program and did not
11-affect any of the libjpeg-turbo libraries.
12+maximum value defined in the file's header and that maximum value was greater
13+than 255.  libjpeg-turbo 1.4.2 already included a similar fix for ASCII PPM/PGM
14+files.  Note that these issues were not security bugs, since they were confined
15+to the cjpeg program and did not affect any of the libjpeg-turbo libraries.
16
17 4. Fixed an issue whereby attempting to decompress a JPEG file with a corrupt
18 header using the `tjDecompressToYUV2()` function would cause the function to
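Review bot: The reworded entry 3 now limits the earlier fix to files whose header maximum is greater than 255, but nothing in this ChangeLog hunk records the case the rdppm.c change in this same patch addresses, where `MAX(maxval, 255)` only makes a difference when the header maximum is below 255. Add a separate entry under the current release describing the overrun for binary PPM/PGM input whose samples exceed a header maximum smaller than 255, so that readers of the changelog can tell which versions are affected. The retained sentence that these issues "were not security bugs" also deserves a second look for that new entry, since the visible text only justifies it for the cjpeg program.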
19diff -Npur libjpeg-turbo-2.0.4/rdppm.c libjpeg-turbo-2.0.4-new/rdppm.c
20--- libjpeg-turbo-2.0.4/rdppm.c	2019-12-31 15:10:30.000000000 +0800
21+++ libjpeg-turbo-2.0.4-new/rdppm.c	2020-07-29 17:55:33.129123386 +0800
22@@ -5,7 +5,7 @@
23  * Copyright (C) 1991-1997, Thomas G. Lane.
24  * Modified 2009 by Bill Allombert, Guido Vollbeding.
25  * libjpeg-turbo Modifications:
26- * Copyright (C) 2015-2017, D. R. Commander.
27+ * Copyright (C) 2015-2017, 2020, D. R. Commander.
28  * For conditions of distribution and use, see the accompanying README.ijg
29  * file.
30  *
31@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cj
32     /* On 16-bit-int machines we have to be careful of maxval = 65535 */
33     source->rescale = (JSAMPLE *)
34       (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
35-                                  (size_t)(((long)maxval + 1L) *
36+                                  (size_t)(((long)MAX(maxval, 255) + 1L) *
37                                            sizeof(JSAMPLE)));
38     half_maxval = maxval / 2;
39     for (val = 0; val <= (long)maxval; val++) {
40
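Review bot: The allocation in `start_input_ppm()` now reserves at least 256 `JSAMPLE` entries, but the fill loop that follows, `for (val = 0; val <= (long)maxval; val++)`, still stops at `maxval`, so when the header maximum is below 255 the entries from `maxval + 1` through 255 are never written in the visible code. An input sample above `maxval` then no longer indexes past the buffer, but it reads whatever the pool allocator left in those slots. Zero the table after allocation, or extend the loop to cover the whole table with a clamped value, and confirm that `MAX` is defined for this file, since its definition is not shown in the hunk.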