diff options
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/plugins/jpeg.c | 40 |
1 files changed, 34 insertions, 6 deletions
diff --git a/apps/plugins/jpeg.c b/apps/plugins/jpeg.c index fee137b1eb..5314ac6091 100644 --- a/apps/plugins/jpeg.c +++ b/apps/plugins/jpeg.c | |||
| @@ -2012,24 +2012,42 @@ int process_markers(unsigned char* p_bytes, long size, struct jpeg* p_jpeg) | |||
| 2012 | marker_size |= *p_src++; /* Lowbyte */ | 2012 | marker_size |= *p_src++; /* Lowbyte */ |
| 2013 | 2013 | ||
| 2014 | p_temp = p_src; | 2014 | p_temp = p_src; |
| 2015 | while (p_src < p_temp+marker_size-2) /* another table */ | 2015 | while (p_src < p_temp+marker_size-2-17) /* another table */ |
| 2016 | { | 2016 | { |
| 2017 | int sum = 0; | ||
| 2017 | i = *p_src & 0x0F; /* table index */ | 2018 | i = *p_src & 0x0F; /* table index */ |
| 2018 | if (i > 1) | 2019 | if (i > 1) |
| 2019 | { | 2020 | { |
| 2020 | return (-5); /* Huffman table index out of range */ | 2021 | return (-5); /* Huffman table index out of range */ |
| 2021 | } | 2022 | } |
| 2022 | if (*p_src++ & 0xF0) /* AC table */ | 2023 | else if (*p_src++ & 0xF0) /* AC table */ |
| 2023 | { | 2024 | { |
| 2024 | for (j=0; j<MIN(AC_LEN, marker_size-3); j++) | 2025 | for (j=0; j<16; j++) |
| 2026 | { | ||
| 2027 | sum += *p_src; | ||
| 2028 | p_jpeg->hufftable[i].huffmancodes_ac[j] = *p_src++; | ||
| 2029 | } | ||
| 2030 | if(16 + sum > AC_LEN) | ||
| 2031 | return -10; /* longer than allowed */ | ||
| 2032 | |||
| 2033 | for (; j < 16 + sum; j++) | ||
| 2025 | p_jpeg->hufftable[i].huffmancodes_ac[j] = *p_src++; | 2034 | p_jpeg->hufftable[i].huffmancodes_ac[j] = *p_src++; |
| 2026 | } | 2035 | } |
| 2027 | else /* DC table */ | 2036 | else /* DC table */ |
| 2028 | { | 2037 | { |
| 2029 | for (j=0; j<MIN(DC_LEN, marker_size-3); j++) | 2038 | for (j=0; j<16; j++) |
| 2039 | { | ||
| 2040 | sum += *p_src; | ||
| 2041 | p_jpeg->hufftable[i].huffmancodes_dc[j] = *p_src++; | ||
| 2042 | } | ||
| 2043 | if(16 + sum > DC_LEN) | ||
| 2044 | return -11; /* longer than allowed */ | ||
| 2045 | |||
| 2046 | for (; j < 16 + sum; j++) | ||
| 2030 | p_jpeg->hufftable[i].huffmancodes_dc[j] = *p_src++; | 2047 | p_jpeg->hufftable[i].huffmancodes_dc[j] = *p_src++; |
| 2031 | } | 2048 | } |
| 2032 | } /* while */ | 2049 | } /* while */ |
| 2050 | p_src = p_temp+marker_size - 2; // skip possible residue | ||
| 2033 | } | 2051 | } |
| 2034 | break; | 2052 | break; |
| 2035 | 2053 | ||
| @@ -2103,6 +2121,14 @@ int process_markers(unsigned char* p_bytes, long size, struct jpeg* p_jpeg) | |||
| 2103 | case 0xE5: /* Application Field 5*/ | 2121 | case 0xE5: /* Application Field 5*/ |
| 2104 | case 0xE6: /* Application Field 6*/ | 2122 | case 0xE6: /* Application Field 6*/ |
| 2105 | case 0xE7: /* Application Field 7*/ | 2123 | case 0xE7: /* Application Field 7*/ |
| 2124 | case 0xE8: /* Application Field 8*/ | ||
| 2125 | case 0xE9: /* Application Field 9*/ | ||
| 2126 | case 0xEA: /* Application Field 10*/ | ||
| 2127 | case 0xEB: /* Application Field 11*/ | ||
| 2128 | case 0xEC: /* Application Field 12*/ | ||
| 2129 | case 0xED: /* Application Field 13*/ | ||
| 2130 | case 0xEE: /* Application Field 14*/ | ||
| 2131 | case 0xEF: /* Application Field 15*/ | ||
| 2106 | case 0xFE: /* Comment */ | 2132 | case 0xFE: /* Comment */ |
| 2107 | { | 2133 | { |
| 2108 | marker_size = *p_src++ << 8; /* Highbyte */ | 2134 | marker_size = *p_src++ << 8; /* Highbyte */ |
| @@ -2133,7 +2159,7 @@ int process_markers(unsigned char* p_bytes, long size, struct jpeg* p_jpeg) | |||
| 2133 | 2159 | ||
| 2134 | 2160 | ||
| 2135 | /* memory location for later decompress (16-bit aligned) */ | 2161 | /* memory location for later decompress (16-bit aligned) */ |
| 2136 | p_dest = (unsigned char*)((int)p_bytes + 1 & ~1); | 2162 | p_dest = (unsigned char*)(((int)p_bytes + 1) & ~1); |
| 2137 | p_jpeg->p_entropy_data = (unsigned short*)p_dest; | 2163 | p_jpeg->p_entropy_data = (unsigned short*)p_dest; |
| 2138 | 2164 | ||
| 2139 | 2165 | ||
| @@ -2152,6 +2178,8 @@ int process_markers(unsigned char* p_bytes, long size, struct jpeg* p_jpeg) | |||
| 2152 | } | 2178 | } |
| 2153 | else if (*p_src >= 0xD0 && *p_src <= 0xD7) /* restart marker */ | 2179 | else if (*p_src >= 0xD0 && *p_src <= 0xD7) /* restart marker */ |
| 2154 | { | 2180 | { |
| 2181 | return (-12); /* can't decode such images for now */ | ||
| 2182 | /* below won't work, is not seamless to the huffman decoder */ | ||
| 2155 | p_src++; /* continue reading after marker */ | 2183 | p_src++; /* continue reading after marker */ |
| 2156 | p_dest--; /* roll back, don't copy it */ | 2184 | p_dest--; /* roll back, don't copy it */ |
| 2157 | continue; /* ignore */ | 2185 | continue; /* ignore */ |
| @@ -2899,7 +2927,7 @@ int main(char* filename) | |||
| 2899 | status = process_markers(buf_jpeg, filesize, &jpg); | 2927 | status = process_markers(buf_jpeg, filesize, &jpg); |
| 2900 | if (status < 0 || (status & (DQT | SOF0)) != (DQT | SOF0)) | 2928 | if (status < 0 || (status & (DQT | SOF0)) != (DQT | SOF0)) |
| 2901 | { /* bad format or minimum components not contained */ | 2929 | { /* bad format or minimum components not contained */ |
| 2902 | rb->splash(HZ*2, true, "unsupported format %d", status); | 2930 | rb->splash(HZ*2, true, "unsupported %d", status); |
| 2903 | return PLUGIN_ERROR; | 2931 | return PLUGIN_ERROR; |
| 2904 | } | 2932 | } |
| 2905 | if (!(status & DHT)) /* if no Huffman table present: */ | 2933 | if (!(status & DHT)) /* if no Huffman table present: */ |