Created attachment 8617162: jpeg-turbo.patch

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150525141253

Steps to reproduce:
Ran static analyzer tool on libjpeg-turbo 1.4.0 and found a division by zero issue in jquant2.c.

Actual results:
Divide by zero error was reported by the static tool. At runtime it could have led to a potential crash.

Expected results:
Added a check for the 'total' variable before the division operation that fills the 'colormap' fields in 'cinfo'.
Patch has been provided in attachment.
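The averaging step the patch guards, as an added example rather than libjpeg-turbo's own jquant2.c: a constructed 2-D histogram model with hypothetical names (compute_box_color, box_t, DIM) that averages the pixels of one colour box into a colormap entry and, with the 'total' check in place, declines to divide when the box is empty.

```c
#include <stdio.h>

/* Constructed model (not libjpeg-turbo's jquant2.c) of averaging a colour
 * box into one colormap entry. A 2-D histogram of DIM x DIM cells stands in
 * for the real 3-D one; each cell holds the number of pixels that fell in it. */
#define DIM 4

typedef struct { int c0min, c0max, c1min, c1max; } box_t;   /* hypothetical */

/* Weighted centroid of the box. Returns 1 and writes the colormap entry,
 * or returns 0 without dividing when the box holds no pixels (total == 0),
 * which is the divisor the static analyzer flagged. */
int compute_box_color(long hist[DIM][DIM], const box_t *box,
                      unsigned char entry[2])
{
    long total = 0, c0total = 0, c1total = 0;

    for (int c0 = box->c0min; c0 <= box->c0max; c0++) {
        for (int c1 = box->c1min; c1 <= box->c1max; c1++) {
            long count = hist[c0][c1];
            if (count != 0) {
                total += count;
                /* scale a 2-bit cell index to the centre of its 8-bit range */
                c0total += ((c0 << 6) + 32) * count;
                c1total += ((c1 << 6) + 32) * count;
            }
        }
    }
    if (total == 0)   /* the added check: no pixels, nothing to average */
        return 0;
    entry[0] = (unsigned char)((c0total + (total >> 1)) / total);
    entry[1] = (unsigned char)((c1total + (total >> 1)) / total);
    return 1;
}

int main(void)
{
    long hist[DIM][DIM] = {{0}};
    hist[1][2] = 3;   /* constructed: three pixels in cell (1,2) */
    hist[3][3] = 1;   /* constructed: one pixel in cell (3,3) */
    box_t whole = {0, 3, 0, 3}, empty = {0, 0, 0, 0};
    unsigned char e[2];

    printf("whole box: ok=%d entry=(%u,%u)\n",
           compute_box_color(hist, &whole, e), e[0], e[1]);   /* 1, (128,176) */
    printf("empty box: ok=%d\n", compute_box_color(hist, &empty, e)); /* 0 */
    return 0;
}
```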
Divide by zero is a non-exploitable condition, so this bug does not need to be hidden.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, csectype-dos
I reported the same issue to "jpegclub.org" several weeks ago about libjpeg 9a and got the response: "If it is clear from the circumstances that the divisor can't be zero, then there is no issue here. A static analyzer, as the name suggests, has limited scope and can't assess all circumstances properly."
Does this still reproduce?