diff options
author | Kim Motoyoshi Kalland <kim.kalland@nokia.com> | 2010-09-20 10:39:27 (GMT) |
---|---|---|
committer | Kim Motoyoshi Kalland <kim.kalland@nokia.com> | 2010-09-20 12:30:03 (GMT) |
commit | 5220c371176951e12d525ac7908861d111c367d0 (patch) | |
tree | dc7787e72a19cb9ce31dcd0a20dc0e2def00c3eb /src | |
parent | 0fd2c492ee2e8317a5fbb0fb446816df53d5b17b (diff) | |
download | Qt-5220c371176951e12d525ac7908861d111c367d0.zip Qt-5220c371176951e12d525ac7908861d111c367d0.tar.gz Qt-5220c371176951e12d525ac7908861d111c367d0.tar.bz2 |
Fixed infinite loop when loading jpeg without EOI from memory.
Task-number: QTBUG-13653
Reviewed-by: aavit
Diffstat (limited to 'src')
-rw-r--r-- | src/gui/image/qjpeghandler.cpp | 19 |
1 files changed, 8 insertions, 11 deletions
diff --git a/src/gui/image/qjpeghandler.cpp b/src/gui/image/qjpeghandler.cpp index eda5efb..e685694 100644 --- a/src/gui/image/qjpeghandler.cpp +++ b/src/gui/image/qjpeghandler.cpp @@ -134,15 +134,18 @@ static void qt_init_source(j_decompress_ptr) static boolean qt_fill_input_buffer(j_decompress_ptr cinfo) { my_jpeg_source_mgr* src = (my_jpeg_source_mgr*)cinfo->src; + qint64 num_read = 0; if (src->memDevice) { src->next_input_byte = (const JOCTET *)(src->memDevice->data().constData() + src->memDevice->pos()); - src->bytes_in_buffer = (size_t)(src->memDevice->data().size() - src->memDevice->pos()); - return true; + num_read = src->memDevice->data().size() - src->memDevice->pos(); + src->device->seek(src->memDevice->data().size()); + } else { + src->next_input_byte = src->buffer; + num_read = src->device->read((char*)src->buffer, max_buf); } - src->next_input_byte = src->buffer; - int num_read = src->device->read((char*)src->buffer, max_buf); if (num_read <= 0) { // Insert a fake EOI marker - as per jpeglib recommendation + src->next_input_byte = src->buffer; src->buffer[0] = (JOCTET) 0xFF; src->buffer[1] = (JOCTET) JPEG_EOI; src->bytes_in_buffer = 2; @@ -183,13 +186,7 @@ static void qt_term_source(j_decompress_ptr cinfo) { my_jpeg_source_mgr* src = (my_jpeg_source_mgr*)cinfo->src; if (!src->device->isSequential()) - { - // read() isn't used for memDevice, so seek past everything that was used - if (src->memDevice) - src->device->seek(src->device->pos() + (src->memDevice->data().size() - src->memDevice->pos() - src->bytes_in_buffer)); - else - src->device->seek(src->device->pos() - src->bytes_in_buffer); - } + src->device->seek(src->device->pos() - src->bytes_in_buffer); } #if defined(Q_C_CALLBACKS) |