ref: c625f96dafa99e7d899675be83adbfc018096131
parent: 339cb9d308cccf856af1d995c7888419a648e444
author: cinap_lenrek <cinap_lenrek@gmx.de>
date: Tue May 29 13:53:49 EDT 2012
jpg: fix memory corruption
--- a/sys/src/cmd/jpg/readjpg.c
+++ b/sys/src/cmd/jpg/readjpg.c
@@ -488,8 +488,10 @@
/* flow chart C-2 */
nsize = 0;
- for(i=0; i<16; i++)
- nsize += b[1+i];
+ for(i=1; i<=16; i++)
+ nsize += b[i];
+ if(nsize == 0)
+ return 0;
t->size = jpgmalloc(h, (nsize+1)*sizeof(int), 1);
k = 0;
for(i=1; i<=16; i++){--
⑨