Update PackJPG to version 2.5h.

Fix missing bounds checking in Delta2.
This commit is contained in:
Moinak Ghosh 2013-12-14 20:58:59 +05:30
parent a851bac247
commit dcc64d9e47
2 changed files with 27 additions and 13 deletions

View file

@ -91,8 +91,7 @@
/*
* Stride values to be checked. As of this implementation strides only
* upto 8 bytes (uint64_t) are supported and common type lengths only
* are checked.
* upto 8 bytes (uint64_t) are supported.
*/
#define NSTRIDES NSTRIDES_EXTRA
static uchar_t strides[NSTRIDES] = {2, 4, 8, 3, 5, 6, 7};
@ -480,7 +479,7 @@ delta2_decode(uchar_t *src, uint64_t srclen, uchar_t *dst, uint64_t *dstlen)
} else {
stride = flags;
if (stride > STRIDE_MAX) {
if (stride > STRIDE_MAX || stride < STRIDE_MIN) {
log_msg(LOG_ERR, 0, "DELTA2 Decode(delta): Invalid stride length: %d. Corrupt data.\n", stride);
return (-1);
}

View file

@ -1,5 +1,5 @@
/*
packJPG v2.5g (09/14/2013)
packJPG v2.5h (12/07/2013)
~~~~~~~~~~~~~~~~~~~~~~~~~~
packJPG is a compression program specially designed for further
@ -226,6 +226,9 @@ v2.5f (02/24/13) (public)
v2.5g (09/14/13) (public)
- fixed a rare crash bug with manipulated JPEG files
v2.5h (12/07/13) (public)
- added a warning for inefficient huffman coding (thanks to Moinak Ghosh)
Acknowledgements
~~~~~~~~~~~~~~~~
@ -254,7 +257,7 @@ For questions and bug reports:
____________________________________
packJPG by Matthias Stirner, 09/2013
packJPG by Matthias Stirner, 12/2013
*/
#include <stdio.h>
@ -672,10 +675,10 @@ INTERN unsigned char orig_set[ 8 ] = { 0 }; // store array for settings
----------------------------------------------- */
INTERN const unsigned char appversion = 25;
INTERN const char* subversion = "g";
INTERN const char* subversion = "h";
INTERN const char* apptitle = "packJPG";
INTERN const char* appname = "packjpg";
INTERN const char* versiondate = "09/14/2013";
INTERN const char* versiondate = "12/07/2013";
INTERN const char* author = "Matthias Stirner / Se";
#if !defined(BUILD_LIB)
INTERN const char* website = "http://www.elektronik.htw-aalen.de/packjpg/";
@ -2462,6 +2465,12 @@ INTERN bool decode_jpeg( void )
&(htrees[ 1 ][ cmpnfo[cmp].huffdc ]),
block );
// check for non optimal coding
if ( ( eob > 1 ) && ( block[ eob - 1 ] == 0 ) ) {
sprintf( errormessage, "reconstruction of inefficient coding not supported" );
errorlevel = 1;
}
// fix dc
block[ 0 ] += lastdc[ cmp ];
lastdc[ cmp ] = block[ 0 ];
@ -2523,6 +2532,12 @@ INTERN bool decode_jpeg( void )
&(htrees[ 1 ][ cmpnfo[cmp].huffdc ]),
block );
// check for non optimal coding
if ( ( eob > 1 ) && ( block[ eob - 1 ] == 0 ) ) {
sprintf( errormessage, "reconstruction of inefficient coding not supported" );
errorlevel = 1;
}
// fix dc
block[ 0 ] += lastdc[ cmp ];
lastdc[ cmp ] = block[ 0 ];
@ -2590,7 +2605,7 @@ INTERN bool decode_jpeg( void )
if ( ( eob == cs_from ) && ( peobrun > 0 ) &&
( peobrun < hcodes[ 1 ][ cmpnfo[cmp].huffac ].max_eobrun - 1 ) ) {
sprintf( errormessage,
"reconstruction of non optimal coding not supported" );
"reconstruction of inefficient coding not supported" );
errorlevel = 1;
}
peobrun = eobrun;
@ -2630,7 +2645,7 @@ INTERN bool decode_jpeg( void )
if ( ( eob == cs_from ) && ( peobrun > 0 ) &&
( peobrun < hcodes[ 1 ][ cmpnfo[cmp].huffac ].max_eobrun - 1 ) ) {
sprintf( errormessage,
"reconstruction of non optimal coding not supported" );
"reconstruction of inefficient coding not supported" );
errorlevel = 1;
}