diff options
Diffstat (limited to 'media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-overrun.patch')
| -rw-r--r-- | media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-overrun.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-overrun.patch b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-overrun.patch new file mode 100644 index 000000000000..92f48c38adae --- /dev/null +++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.3.1-overrun.patch @@ -0,0 +1,21 @@ +diff -Naur old/jchuff.c new/jchuff.c +--- old/jchuff.c 2014-11-27 06:48:21.009442853 -1000 ++++ new/jchuff.c 2014-11-27 06:48:46.289700004 -1000 +@@ -391,7 +391,16 @@ + #endif + + +-#define BUFSIZE (DCTSIZE2 * 2) ++/* Although it is exceedingly rare, it is possible for a Huffman-encoded ++ * coefficient block to be larger than the 128-byte unencoded block. For each ++ * of the 64 coefficients, PUT_BITS is invoked twice, and each invocation can ++ * theoretically store 16 bits (for a maximum of 2048 bits or 256 bytes per ++ * encoded block.) If, for instance, one artificially sets the AC ++ * coefficients to alternating values of 32767 and -32768 (using the JPEG ++ * scanning order-- 1, 8, 16, etc.), then this will produce an encoded block ++ * larger than 200 bytes. ++ */ ++#define BUFSIZE (DCTSIZE2 * 4) + + #define LOAD_BUFFER() { \ + if (state->free_in_buffer < BUFSIZE) { \ |