Skip to content

Commit e0010a5

Browse files
committed
fixes null pointer in JPEG library (CVE GHSA-xggf-8r3g-7cvj)
1 parent 50b7fb7 commit e0010a5

4 files changed

Lines changed: 11 additions & 0 deletions

File tree

external_libs/libjpeg/jerror.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@ JMESSAGE(JERR_BAD_LENGTH, "Bogus marker length")
5656
JMESSAGE(JERR_BAD_LIB_VERSION,
5757
"Wrong JPEG library version: library is %d, caller expects %d")
5858
JMESSAGE(JERR_BAD_MCU_SIZE, "Sampling factors too large for interleaved scan")
59+
JMESSAGE(JERR_BAD_PARAM, "Bogus parameter")
5960
JMESSAGE(JERR_BAD_POOL_ID, "Invalid memory pool code %d")
6061
JMESSAGE(JERR_BAD_PRECISION, "Unsupported JPEG data precision %d")
6162
JMESSAGE(JERR_BAD_PROGRESSION,

utils/small_utilities/small_SEM_solver_in_Fortran_without_MPI_to_learn/libjpeg/jdpostct.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -132,6 +132,11 @@ post_process_1pass (j_decompress_ptr cinfo,
132132
my_post_ptr post = (my_post_ptr) cinfo->post;
133133
JDIMENSION num_rows, max_rows;
134134

135+
/* read_and_discard_scanlines may call it with rows "available", but no buffer */
136+
if (output_buf == NULL) {
137+
return;
138+
}
139+
135140
/* Fill the buffer, but not more than what we can dump out in one go. */
136141
/* Note we rely on the upsampler to detect bottom of image. */
137142
max_rows = out_rows_avail - *out_row_ctr;

utils/small_utilities/small_SEM_solver_in_Fortran_without_MPI_to_learn/libjpeg/jerror.h

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,6 +56,7 @@ JMESSAGE(JERR_BAD_LENGTH, "Bogus marker length")
5656
JMESSAGE(JERR_BAD_LIB_VERSION,
5757
"Wrong JPEG library version: library is %d, caller expects %d")
5858
JMESSAGE(JERR_BAD_MCU_SIZE, "Sampling factors too large for interleaved scan")
59+
JMESSAGE(JERR_BAD_PARAM, "Bogus parameter")
5960
JMESSAGE(JERR_BAD_POOL_ID, "Invalid memory pool code %d")
6061
JMESSAGE(JERR_BAD_PRECISION, "Unsupported JPEG data precision %d")
6162
JMESSAGE(JERR_BAD_PROGRESSION,

utils/small_utilities/small_SEM_solver_in_Fortran_without_MPI_to_learn/libjpeg/jquant1.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -528,6 +528,10 @@ quantize_ord_dither (j_decompress_ptr cinfo, JSAMPARRAY input_buf,
528528
JDIMENSION col;
529529
JDIMENSION width = cinfo->output_width;
530530

531+
if (output_buf == NULL && num_rows) {
532+
ERREXIT(cinfo, JERR_BAD_PARAM);
533+
}
534+
531535
for (row = 0; row < num_rows; row++) {
532536
/* Initialize output values to 0 so can process components separately */
533537
jzero_far((void FAR *) output_buf[row],

0 commit comments

Comments
 (0)