media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-divzero_fix.patch - mirrors/cros/chromiumos/overlays/portage-stable - Git at Google

 Backported from
 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6

 --- libjpeg-turbo-1.5.3/rdbmp.c
 +++ libjpeg-turbo-1.5.3/rdbmp.c
 @@ -434,6 +434,12 @@
      progress->total_extra_passes++; /* count file input as separate pass */
    }

 +  /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum
 +     value of the JDIMENSION type.  This is only a danger with BMP files, since
 +     their width and height fields are 32-bit integers. */
 +  if ((unsigned long long)biWidth *
 +      (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL)
 +    ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
    /* Allocate one-row buffer for returned data */
    source->pub.buffer = (*cinfo->mem->alloc_sarray)
      ((j_common_ptr) cinfo, JPOOL_IMAGE,
	Backported from
	https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6

	--- libjpeg-turbo-1.5.3/rdbmp.c
	+++ libjpeg-turbo-1.5.3/rdbmp.c
	@@ -434,6 +434,12 @@
	progress->total_extra_passes++; /* count file input as separate pass */
	}

	+ /* Ensure that biWidth * cinfo->input_components doesn't exceed the maximum
	+ value of the JDIMENSION type. This is only a danger with BMP files, since
	+ their width and height fields are 32-bit integers. */
	+ if ((unsigned long long)biWidth *
	+ (unsigned long long)cinfo->input_components > 0xFFFFFFFFULL)
	+ ERREXIT(cinfo, JERR_WIDTH_OVERFLOW);
	/* Allocate one-row buffer for returned data */
	source->pub.buffer = (*cinfo->mem->alloc_sarray)
	((j_common_ptr) cinfo, JPOOL_IMAGE,