authorNatanael Copa <ncopa@alpinelinux.org>2013-11-25 14:59:09 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2013-11-25 14:59:09 +0000
commit43192905007c117b9aeafd47dad3eaf9dc68205c (patch)
tree919db0af9eecc95e7b27c7cf65724d828224fb85 /main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch
parentd165558afab0b1b4f298c78e673853393c3891ab (diff)
main/libjpeg-turbo: security fix (CVE-2013-6629,CVE-2013-6630)
Diffstat (limited to 'main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch')
-rw-r--r--main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch34
1 files changed, 34 insertions, 0 deletions
diff --git a/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch b/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch
new file mode 100644
index 000000000..7a93d4be2
--- /dev/null
+++ b/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch
@@ -0,0 +1,34 @@
+--- a/jdmarker.c
++++ b/jdmarker.c
+@@ -304,7 +304,7 @@
+ /* Process a SOS marker */
+ {
+ INT32 length;
+- int i, ci, n, c, cc;
++ int i, ci, n, c, cc, pi;
+ jpeg_component_info * compptr;
+ INPUT_VARS(cinfo);
+
+@@ -348,6 +348,13 @@
+
+ TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
+ compptr->dc_tbl_no, compptr->ac_tbl_no);
++
++ /* This CSi (cc) should differ from the previous CSi */
++ for (pi = 0; pi < i; pi++) {
++ if (cinfo->cur_comp_info[pi] == compptr) {
++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
++ }
++ }
+ }
+
+ /* Collect the additional scan parameters Ss, Se, Ah/Al. */
+@@ -464,6 +471,8 @@
+
+ for (i = 0; i < count; i++)
+ INPUT_BYTE(cinfo, huffval[i], return FALSE);
++
++ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
+
+ length -= count;
+
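Review bot: The added `MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));` in the third inner hunk is only safe if `count` is already limited to 256 before this point. That bound check is not visible in the hunk context (the enclosing function starts and ends outside it), so confirm it exists in the jdmarker.c version this package builds. Without it, `256 - count` would go negative and the clear would run far past the buffer. If `huffval` is a local array, as the indexing suggests, `MEMZERO(&huffval[count], SIZEOF(huffval) - count);` ties the length to the buffer instead of repeating the literal. A short comment such as `/* Clear unread entries so uninitialized bytes are never used as table values */` would also record why the line exists, as the SOS hunk already does for its duplicate-component check.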