Ensure methods called by global funcs are init'd

If a hypothetical calling application does something really stupid and changes cinfo->data_precision after calling jpeg_start_*compress(), then the precision-specific methods called by jpeg_write_scanlines(), jpeg_write_raw_data(), jpeg_finish_compress(), jpeg_read_scanlines(), jpeg_read_raw_data(), or jpeg_start_output() may not be initialized. Ensure that the first precision-specific method (which will always be cinfo->main->process_data*(), cinfo->coef->compress_data*(), or cinfo->coef->decompress_data()) called by any global function that may be called after jpeg_start_*compress() is initialized and non-NULL. This increases the likelihood (but does not guarantee) that a hypothetical stupid calling application will fail gracefully rather than segfault if it changes cinfo->data_precision after calling jpeg_start_*compress(). A hypothetical stupid calling application can still bork itself by changing cinfo->data_precision after initializing the source manager but before calling jpeg_start_compress(), or after initializing the destination manager but before calling jpeg_start_decompress().
2026-01-18 21:41:20 +01:00 · 2024-12-18 12:50:38 -05:00
parent cc095fee7b
commit e0e18dea54
9 changed files with 44 additions and 6 deletions
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,14 @@
+3.1.1
+=====
+
+### Significant changes relative to 3.1.0:
+
+1. Hardened the libjpeg API against hypothetical calling applications that may
+erroneously change the value of the `data_precision` field in
+`jpeg_compress_struct` or `jpeg_decompress_struct` after calling
+`jpeg_start_compress()` or `jpeg_start_decompress()`.
+
+
 3.1.0
 =====