Skip to content

Commit 7e51f76

Browse files
authored
Merge pull request SPECFEM#1268 from ivanaclairineirsan/fix/CVE-2017-15232
Potential Vulnerability in Cloned Code
2 parents 98741db + 88b6e7c commit 7e51f76

2 files changed

Lines changed: 9 additions & 0 deletions

File tree

external_libs/libjpeg/jdpostct.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -132,6 +132,11 @@ post_process_1pass (j_decompress_ptr cinfo,
132132
my_post_ptr post = (my_post_ptr) cinfo->post;
133133
JDIMENSION num_rows, max_rows;
134134

135+
/* read_and_discard_scanlines may call it with rows "available", but no buffer */
136+
if (output_buf == NULL) {
137+
return;
138+
}
139+
135140
/* Fill the buffer, but not more than what we can dump out in one go. */
136141
/* Note we rely on the upsampler to detect bottom of image. */
137142
max_rows = out_rows_avail - *out_row_ctr;

external_libs/libjpeg/jquant1.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -528,6 +528,10 @@ quantize_ord_dither (j_decompress_ptr cinfo, JSAMPARRAY input_buf,
528528
JDIMENSION col;
529529
JDIMENSION width = cinfo->output_width;
530530

531+
if (output_buf == NULL && num_rows) {
532+
ERREXIT(cinfo, JERR_BAD_PARAM);
533+
}
534+
531535
for (row = 0; row < num_rows; row++) {
532536
/* Initialize output values to 0 so can process components separately */
533537
jzero_far((void FAR *) output_buf[row],

0 commit comments

Comments
 (0)