
Bug 3972

Summary: [Patch] IMG_SaveJPG references unconverted surface after conversion
Product: SDL_image
Component: misc
Version: unspecified
Hardware: All
OS: All
Status: RESOLVED FIXED
Severity: critical
Priority: P2
Reporter: Ethan Lee <flibitijibibo>
Assignee: Sam Lantinga <slouken>
QA Contact: Sam Lantinga <slouken>
Attachments: Patch to fix IMG_SaveJPG for != 24bpp

Description Ethan Lee 2017-11-19 16:06:39 UTC
Created attachment 3093
Patch to fix IMG_SaveJPG for != 24bpp

IMG_SaveJPG currently references the surface parameter even after the surface has potentially been converted to the format needed by libjpeg. So, for example, if the surface is ABGR8888, the function will iterate through scanlines with 32bpp instead of 24bpp, leading to a buffer over-read.

This patch simply replaces all the surface references with jpeg_surface references.

Comment 1 Sam Lantinga 2017-11-22 05:36:58 UTC
Fixed, thanks!
https://hg.libsdl.org/SDL_image/rev/7ba79c28092a
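
The kind of mismatch the description reports, modelled without SDL or libjpeg as an added example (not code from the bug report, the attached patch or SDL_image): scanline offsets taken from the original 32bpp surface's pitch are bounds-checked against the converted 24bpp buffer. `surf_t`, `to_rgb24`, `rows_out_of_bounds` and `demo_bad_rows` are hypothetical names, and which fields the original code mixed is an assumption, since the page does not show it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a surface; not SDL's SDL_Surface. */
typedef struct { int w, h, bpp; size_t pitch; uint8_t *pixels; } surf_t;

/* Pack a 4-byte-per-pixel surface into 3-byte RGB rows (4th byte dropped). */
static surf_t to_rgb24(const surf_t *src) {
    surf_t dst = { src->w, src->h, 3, (size_t)src->w * 3, NULL };
    dst.pixels = malloc(dst.pitch * (size_t)dst.h);
    if (!dst.pixels) abort();
    for (int y = 0; y < src->h; y++)
        for (int x = 0; x < src->w; x++)
            for (int c = 0; c < 3; c++)
                dst.pixels[(size_t)y * dst.pitch + (size_t)x * 3 + c] =
                    src->pixels[(size_t)y * src->pitch + (size_t)x * 4 + c];
    return dst;
}

/* Rows whose 3*w-byte scanline would leave `buf`'s allocation when the row
   offset is computed from `geom`'s pitch. Nothing is dereferenced. */
static int rows_out_of_bounds(const surf_t *buf, const surf_t *geom) {
    size_t size = buf->pitch * (size_t)buf->h, row = (size_t)buf->w * 3;
    int bad = 0;
    for (int y = 0; y < buf->h; y++) {
        size_t off = (size_t)y * geom->pitch;
        if (off > size || row > size - off) bad++;
    }
    return bad;
}

/* Constructed w x h 32bpp image; returns the out-of-bounds row count. */
int demo_bad_rows(int w, int h, int use_converted_geometry) {
    surf_t src = { w, h, 4, (size_t)w * 4, calloc((size_t)w * h, 4) };
    if (!src.pixels) abort();
    surf_t jpg = to_rgb24(&src);
    int bad = rows_out_of_bounds(&jpg, use_converted_geometry ? &jpg : &src);
    free(jpg.pixels);
    free(src.pixels);
    return bad;
}

int main(void) {
    printf("mixed geometry: %d bad rows\n", demo_bad_rows(8, 8, 0));
    printf("converted only: %d bad rows\n", demo_bad_rows(8, 8, 1));
    return 0;
}
```

Taking every field from the one surface that is actually handed to the encoder, as the patch's description says it does with jpeg_surface, keeps all rows inside the buffer.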