Gitiles
Code Review Sign In
review.blissroms.org / platform_external_libjpeg-turbo / d4c41fe0dabe2d1539763c899f879cc1e391750a
commitd4c41fe0dabe2d1539763c899f879cc1e391750a[log] [tgz]
authorDRC <information@libjpeg-turbo.org>Sat Mar 18 12:56:36 2017 -0500
committerDRC <information@libjpeg-turbo.org>Sat Mar 18 13:12:17 2017 -0500
treee14ec5f33c1fd322ea68229641d462990368f45a
parenta0b7de9a47358a19b31db447dbf02b488463eb7e [diff]
TurboJPEG: Fix potential memory leaks

Referring to https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=746,
it seems that the values of local buffer pointers in TurboJPEG API
functions aren't always preserved if longjmp() returns control to a
point prior to the allocation of the local buffers.  This is known to
be an issue with GCC 4.x and clang with -O1 and higher optimization
levels but not with GCC 5.x and later.  It is unknown why GCC 5.x and
6.x do not suffer from the issue, but possibly the local buffer pointers
are not allocated on the stack when using those more recent compilers.

In any case, this commit modifies the TurboJPEG API library code such
that the jump buffer is always updated after any local buffer pointers
are allocated but before any subsequent libjpeg API functions are
called.
2 files changed
tree: e14ec5f33c1fd322ea68229641d462990368f45a
  1. ci/
  2. cmakescripts/
  3. doc/
  4. java/
  5. md5/
  6. release/
  7. sharedlib/
  8. simd/
  9. testimages/
  10. win/
  11. .gitignore
  12. .travis.yml
  13. acinclude.m4
  14. appveyor.yml
  15. bmp.c
  16. bmp.h
  17. BUILDING.md
  18. cderror.h
  19. cdjpeg.c
  20. cdjpeg.h
  21. change.log
  22. ChangeLog.md
  23. cjpeg.1
  24. cjpeg.c
  25. CMakeLists.txt
  26. coderules.txt
  27. configure.ac
  28. djpeg.1
  29. djpeg.c
  30. doxygen-extra.css
  31. doxygen.config
  32. example.c
  33. jaricom.c
  34. jcapimin.c
  35. jcapistd.c
  36. jcarith.c
  37. jccoefct.c
  38. jccolext.c
  39. jccolor.c
  40. jcdctmgr.c
  41. jchuff.c
  42. jchuff.h
  43. jcinit.c
  44. jcmainct.c
  45. jcmarker.c
  46. jcmaster.c
  47. jcomapi.c
  48. jconfig.h.in
  49. jconfig.txt
  50. jconfigint.h.in
  51. jcparam.c
  52. jcphuff.c
  53. jcprepct.c
  54. jcsample.c
  55. jcstest.c
  56. jctrans.c
  57. jdapimin.c
  58. jdapistd.c
  59. jdarith.c
  60. jdatadst-tj.c
  61. jdatadst.c
  62. jdatasrc-tj.c
  63. jdatasrc.c
  64. jdcoefct.c
  65. jdcoefct.h
  66. jdcol565.c
  67. jdcolext.c
  68. jdcolor.c
  69. jdct.h
  70. jddctmgr.c
  71. jdhuff.c
  72. jdhuff.h
  73. jdinput.c
  74. jdmainct.c
  75. jdmainct.h
  76. jdmarker.c
  77. jdmaster.c
  78. jdmaster.h
  79. jdmerge.c
  80. jdmrg565.c
  81. jdmrgext.c
  82. jdphuff.c
  83. jdpostct.c
  84. jdsample.c
  85. jdsample.h
  86. jdtrans.c
  87. jerror.c
  88. jerror.h
  89. jfdctflt.c
  90. jfdctfst.c
  91. jfdctint.c
  92. jidctflt.c
  93. jidctfst.c
  94. jidctint.c
  95. jidctred.c
  96. jinclude.h
  97. jmemmgr.c
  98. jmemnobs.c
  99. jmemsys.h
  100. jmorecfg.h
  101. jpeg_nbits_table.h
  102. jpegcomp.h
  103. jpegint.h
  104. jpeglib.h
  105. jpegtran.1
  106. jpegtran.c
  107. jquant1.c
  108. jquant2.c
  109. jsimd.h
  110. jsimd_none.c
  111. jsimddct.h
  112. jstdhuff.c
  113. jutils.c
  114. jversion.h
  115. libjpeg.map.in
  116. libjpeg.txt
  117. LICENSE.md
  118. Makefile.am
  119. rdbmp.c
  120. rdcolmap.c
  121. rdgif.c
  122. rdjpgcom.1
  123. rdjpgcom.c
  124. rdppm.c
  125. rdrle.c
  126. rdswitch.c
  127. rdtarga.c
  128. README.ijg
  129. README.md
  130. structure.txt
  131. tjbench.c
  132. tjbenchtest.in
  133. tjbenchtest.java.in
  134. tjexampletest.in
  135. tjunittest.c
  136. tjutil.c
  137. tjutil.h
  138. transupp.c
  139. transupp.h
  140. turbojpeg-jni.c
  141. turbojpeg-mapfile
  142. turbojpeg-mapfile.jni
  143. turbojpeg.c
  144. turbojpeg.h
  145. usage.txt
  146. wizard.txt
  147. wrbmp.c
  148. wrgif.c
  149. wrjpgcom.1
  150. wrjpgcom.c
  151. wrppm.c
  152. wrppm.h
  153. wrrle.c
  154. wrtarga.c