| Summary: | closedctd function has a bug | ||
|---|---|---|---|
| Product: | MuPDF | Reporter: | akay <akay> |
| Component: | fitz | Assignee: | Tor Andersson <tor.andersson> |
| Status: | RESOLVED WORKSFORME | ||
| Severity: | normal | ||
| Priority: | P4 | ||
| Version: | unspecified | ||
| Hardware: | PC | ||
| OS: | Windows XP | ||
| Customer: | Word Size: | --- | |
jpeg_create_decompress is always called. If jpeg_read_header fails then closedct will be called with state->init set to false. In this case, we want to call jpeg_destroy_compress but not jpeg_finish_decompress (this is why we have the state->init flag). |
on file filt_dctd.c Line 182, function closedctd(fz_stream *stm) if (state->init) jpeg_finish_decompress(&state->cinfo); state->chain->rp = state->chain->wp - state->cinfo.src->bytes_in_buffer; jpeg_destroy_decompress(&state->cinfo); I think this will modify to: if (state->init) { jpeg_finish_decompress(&state->cinfo); state->chain->rp = state->chain->wp - state->cinfo.src->bytes_in_buffer; jpeg_destroy_decompress(&state->cinfo); } Because if the state did not init,if you call jpeg_destroy_decompress(&state->cinfo); will cause fatal error. Please check.