We are currently migrating Bugzilla to GitHub issues.
Any changes made to the bug tracker now will be lost, so please do not post new bugs or make changes to them.
When we're done, all bug URLs will redirect to their equivalent location on the new bug tracker.

Bug 3972 - [Patch] IMG_SaveJPG references unconverted surface after conversion
Summary: [Patch] IMG_SaveJPG references unconverted surface after conversion
Status: RESOLVED FIXED
Alias: None
Product: SDL_image
Classification: Unclassified
Component: misc (show other bugs)
Version: unspecified
Hardware: All All
: P2 critical
Assignee: Sam Lantinga
QA Contact: Sam Lantinga
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-19 16:06 UTC by Ethan Lee
Modified: 2017-11-22 05:36 UTC (History)
0 users

See Also:

Attachments
Patch to fix IMG_SaveJPG for != 24bpp (1.11 KB, patch)
2017-11-19 16:06 UTC, Ethan Lee 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ethan Lee 2017-11-19 16:06:39 UTC 
Created attachment 3093 [details]
Patch to fix IMG_SaveJPG for != 24bpp

IMG_SaveJPG currently references the surface parameter even after the surface has potentially been converted to the format needed by libjpeg. So, for example, if the surface is ABGR8888, the function will iterate through scanlines with 32bpp instead of 24bpp, leading to a buffer over-read.

This patch simply replaces all the surface references with jpeg_surface references.
Comment 1 Sam Lantinga 2017-11-22 05:36:58 UTC 
Fixed, thanks!
https://hg.libsdl.org/SDL_image/rev/7ba79c28092a