jcapimin.c: Revert changes made in fc01f467

Those changes worked around an innocuous UBSan warning that was exposed by the new TurboJPEG 3 transform fuzz target, due to the fact that tj3Transform() no longer rejects images with unknown subsampling configurations. That UBSan warning was a false positive, and attempting to fix it introduced a buffer overrun triggered by a malformed input image that causes jpeg_write_marker() to be called with datalen == 0. I suspect that the UBSan false positive was only reproducible on my local machine, but I guess we'll see. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=55413
2026-01-18 21:41:20 +01:00 · 2023-01-27 13:38:48 -06:00
parent d0015876ec
commit 9b3a8f3641
1 changed files with 2 additions and 3 deletions
--- a/jcapimin.c
+++ b/jcapimin.c
@@ -5,7 +5,7 @@
 * Copyright (C) 1994-1998, Thomas G. Lane.
 * Modified 2003-2010 by Guido Vollbeding.
 * libjpeg-turbo Modifications:
- * Copyright (C) 2022-2023, D. R. Commander.
+ * Copyright (C) 2022, D. R. Commander.
 * For conditions of distribution and use, see the accompanying README.ijg
 * file.
 *
@@ -240,11 +240,10 @@ jpeg_write_marker(j_compress_ptr cinfo, int marker, const JOCTET *dataptr,

  (*cinfo->marker->write_marker_header) (cinfo, marker, datalen);
  write_marker_byte = cinfo->marker->write_marker_byte; /* copy for speed */
-  do {
+  while (datalen--) {
    (*write_marker_byte) (cinfo, *dataptr);
    dataptr++;
  }
-  while (--datalen);
 }

 /* Same, but piecemeal. */