diff --git a/filters/packjpg/aricoder.cpp b/filters/packjpg/aricoder.cpp index 64b9da2..9ca61f9 100644 --- a/filters/packjpg/aricoder.cpp +++ b/filters/packjpg/aricoder.cpp @@ -280,7 +280,7 @@ model_s::model_s( int max_s, int max_c, int max_o, int c_lim ) null_table->links[ i ] = start_table; // alloc memory for storage & contexts - storage = ( table_s** ) calloc( max_order + 2, sizeof( table_s* ) ); + storage = ( table_s** ) calloc( max_order + 3, sizeof( table_s* ) ); if ( storage == NULL ) ERROR_EXIT; contexts = storage + 1; @@ -758,7 +758,7 @@ model_b::model_b( int max_c, int max_o, int c_lim ) null_table->links[ i ] = start_table; // alloc memory for storage & contexts - storage = ( table** ) calloc( max_order + 2, sizeof( table* ) ); + storage = ( table** ) calloc( max_order + 3, sizeof( table* ) ); if ( storage == NULL ) ERROR_EXIT; contexts = storage + 1; diff --git a/filters/packjpg/packjpg.cpp b/filters/packjpg/packjpg.cpp index 8347a1f..792124d 100644 --- a/filters/packjpg/packjpg.cpp +++ b/filters/packjpg/packjpg.cpp @@ -1,5 +1,5 @@ /* -packJPG v2.5h (12/07/2013) +packJPG v2.5i (12/12/2013) ~~~~~~~~~~~~~~~~~~~~~~~~~~ packJPG is a compression program specially designed for further @@ -228,6 +228,9 @@ v2.5g (09/14/13) (public) v2.5h (12/07/13) (public) - added a warning for inefficient huffman coding (thanks to Moinak Ghosh) + +v2.5i (12/12/13) (public) + - fixed possible crash with malformed JPEG (thanks to Moinak Ghosh) Acknowledgements 
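Review bot: The new `max_order + 3` in the `model_s` constructor of aricoder.cpp (and the identical change in `model_b`) has no comment saying which slot the extra element is for, so a reader cannot tell whether the size is now exact or just padded. I would document the layout next to both allocations, e.g. `// max_order + 3 slots: contexts = storage + 1, so contexts[-1] .. contexts[max_order + 1] are valid`. The changelog ties this release to a crash on malformed JPEG, so it is worth confirming that the index which overran the old buffer is bounded by `max_order` and not by a value taken from the input. If it can be input-driven, a range check where `contexts` is indexed would be sturdier than a larger buffer; that code is outside these hunks, so this is an inference. Both constructors begin and end outside the hunks.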
@@ -3723,6 +3726,11 @@ INTERN bool jpg_parse_jfif( unsigned char type, unsigned int len, unsigned char*
 imgheight = B_SHORT( segment[ hpos + 1 ], segment[ hpos + 2 ] );
 imgwidth = B_SHORT( segment[ hpos + 3 ], segment[ hpos + 4 ] );
 cmpc = segment[ hpos + 5 ];
+ if ( ( imgwidth == 0 ) || ( imgheight == 0 ) ) {
+ sprintf( errormessage, "resolution is %ix%i, possible malformed JPEG", imgwidth, imgheight );
+ errorlevel = 2;
+ return false;
+ }
 if ( cmpc > 4 ) {
 sprintf( errormessage, "image has %i components, max 4 are supported", cmpc );
 errorlevel = 2;
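Review bot: A component count of zero still passes the check that follows the new guard in `jpg_parse_jfif`, because that check rejects only `cmpc > 4`. Since this commit is hardening the parser against malformed headers, I would widen the condition to `if ( ( cmpc == 0 ) || ( cmpc > 4 ) ) {` so an empty component list is rejected at the same point. The hunk also does not show whether `len` is compared with `hpos + 5` before `segment[ hpos + 1 ]` .. `segment[ hpos + 5 ]` are read. If no such check exists earlier in the function, a truncated segment would be read past its end before either guard runs. The function body starts and continues outside the hunk.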