summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorKim Motoyoshi Kalland <kim.kalland@nokia.com>2010-09-20 10:39:27 (GMT)
committerKim Motoyoshi Kalland <kim.kalland@nokia.com>2010-09-20 12:30:03 (GMT)
commit5220c371176951e12d525ac7908861d111c367d0 (patch)
treedc7787e72a19cb9ce31dcd0a20dc0e2def00c3eb /src
parent0fd2c492ee2e8317a5fbb0fb446816df53d5b17b (diff)
downloadQt-5220c371176951e12d525ac7908861d111c367d0.zip
Qt-5220c371176951e12d525ac7908861d111c367d0.tar.gz
Qt-5220c371176951e12d525ac7908861d111c367d0.tar.bz2
Fixed infinite loop when loading jpeg without EOI from memory.
Task-number: QTBUG-13653 Reviewed-by: aavit
Diffstat (limited to 'src')
-rw-r--r--src/gui/image/qjpeghandler.cpp19
1 files changed, 8 insertions, 11 deletions
diff --git a/src/gui/image/qjpeghandler.cpp b/src/gui/image/qjpeghandler.cpp
index eda5efb..e685694 100644
--- a/src/gui/image/qjpeghandler.cpp
+++ b/src/gui/image/qjpeghandler.cpp
@@ -134,15 +134,18 @@ static void qt_init_source(j_decompress_ptr)
static boolean qt_fill_input_buffer(j_decompress_ptr cinfo)
{
my_jpeg_source_mgr* src = (my_jpeg_source_mgr*)cinfo->src;
+ qint64 num_read = 0;
if (src->memDevice) {
src->next_input_byte = (const JOCTET *)(src->memDevice->data().constData() + src->memDevice->pos());
- src->bytes_in_buffer = (size_t)(src->memDevice->data().size() - src->memDevice->pos());
- return true;
+ num_read = src->memDevice->data().size() - src->memDevice->pos();
+ src->device->seek(src->memDevice->data().size());
+ } else {
+ src->next_input_byte = src->buffer;
+ num_read = src->device->read((char*)src->buffer, max_buf);
}
- src->next_input_byte = src->buffer;
- int num_read = src->device->read((char*)src->buffer, max_buf);
if (num_read <= 0) {
// Insert a fake EOI marker - as per jpeglib recommendation
+ src->next_input_byte = src->buffer;
src->buffer[0] = (JOCTET) 0xFF;
src->buffer[1] = (JOCTET) JPEG_EOI;
src->bytes_in_buffer = 2;
@@ -183,13 +186,7 @@ static void qt_term_source(j_decompress_ptr cinfo)
{
my_jpeg_source_mgr* src = (my_jpeg_source_mgr*)cinfo->src;
if (!src->device->isSequential())
- {
- // read() isn't used for memDevice, so seek past everything that was used
- if (src->memDevice)
- src->device->seek(src->device->pos() + (src->memDevice->data().size() - src->memDevice->pos() - src->bytes_in_buffer));
- else
- src->device->seek(src->device->pos() - src->bytes_in_buffer);
- }
+ src->device->seek(src->device->pos() - src->bytes_in_buffer);
}
#if defined(Q_C_CALLBACKS)