Closed Bug 134556 Opened 18 years ago Closed 16 years ago

nsJPEGDecoder::Init may start writing to random memory locations?

Categories

(Core :: ImageLib, defect)

x86
Linux
defect
Not set

Tracking


RESOLVED DUPLICATE of bug 223702
mozilla1.0.1

People

(Reporter: mozilla-bugs, Assigned: pavlov)

Details

(Whiteboard: easy)

I noticed a compiler warning:

modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp:133
 `struct decoder_source_mgr * src' might be used uninitialized in this function

When looking at the code, I see in nsJPEGDecoder::Init :

  ...
  /* Step 1: allocate and initialize JPEG decompression object */
  jpeg_create_decompress(&mInfo);

  decoder_source_mgr *src;
  if (mInfo.src == NULL) {
     ...
  }

  /* Step 2: specify data source (eg, a file) */

  /* Setup callback functions. */
  src->pub.init_source = init_source;
  src->pub.fill_input_buffer = fill_input_buffer;
  src->pub.skip_input_data = skip_input_data;
  src->pub.resync_to_restart = jpeg_resync_to_restart;
  src->pub.term_source = term_source;

  src->decoder = this;
  ...

If I am reading this correctly, it means that if mInfo.src happens to be
non-null, it will attempt to modify memory pointed to by the src variable that was
never initialized!
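The pattern the report describes (a local pointer that is only assigned inside the `if (mInfo.src == NULL)` branch, then dereferenced unconditionally) is easy to close off by deriving the local from the struct field on both paths. The following is an added, self-contained illustration written for this page; it is not the Mozilla code and it does not use the real libjpeg headers. The `jpeg_source_mgr`, `jpeg_decompress_struct` and `decoder_source_mgr` types and the callback bodies are constructed stand-ins that only carry the fields the report's snippet touches, and `attach_source_mgr` / `detach_source_mgr` / `demo_reuse` are hypothetical names.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed stand-ins (assumption: the real libjpeg types carry more
 * fields; only the ones the report's snippet writes are modelled here). */
typedef struct jpeg_source_mgr {
    void (*init_source)(void *);
    int  (*fill_input_buffer)(void *);
    void (*skip_input_data)(void *, long);
    int  (*resync_to_restart)(void *, int);
    void (*term_source)(void *);
} jpeg_source_mgr;

typedef struct {
    jpeg_source_mgr *src;   /* NULL until a source manager is attached */
} jpeg_decompress_struct;

typedef struct {
    jpeg_source_mgr pub;    /* first member, so the struct can be cast back */
    void *decoder;          /* back-pointer to the owning decoder object */
} decoder_source_mgr;

/* Placeholder callbacks: the report names them but shows no bodies. */
static void init_source(void *c) { (void)c; }
static int  fill_input_buffer(void *c) { (void)c; return 0; }
static void skip_input_data(void *c, long n) { (void)c; (void)n; }
static int  resync_to_restart(void *c, int d) { (void)c; (void)d; return 0; }
static void term_source(void *c) { (void)c; }

/* Corrected shape of the Init fragment: allocate only when no source
 * manager exists yet, then ALWAYS derive `src` from info->src before
 * writing through it, so the local pointer is initialized on both paths.
 * Returns 0 on success, -1 if allocation failed (nothing is written then). */
int attach_source_mgr(jpeg_decompress_struct *info, void *decoder)
{
    decoder_source_mgr *src;

    if (info->src == NULL) {
        src = calloc(1, sizeof *src);
        if (src == NULL)
            return -1;
        info->src = &src->pub;
    }
    /* This assignment is the step the reported code lacks: it makes the
     * non-NULL path point at the existing manager instead of garbage. */
    src = (decoder_source_mgr *)info->src;

    src->pub.init_source       = init_source;
    src->pub.fill_input_buffer = fill_input_buffer;
    src->pub.skip_input_data   = skip_input_data;
    src->pub.resync_to_restart = resync_to_restart;
    src->pub.term_source       = term_source;
    src->decoder = decoder;
    return 0;
}

/* Releases the storage attach_source_mgr allocated (pub is the first
 * member, so info->src is also the start of the calloc'd block). */
void detach_source_mgr(jpeg_decompress_struct *info)
{
    free(info->src);
    info->src = NULL;
}

/* Exercises both paths: first call allocates, second call (src already
 * non-NULL) must reuse the same manager and still land every write in it.
 * Returns 1 when that holds, 0 otherwise. */
int demo_reuse(void)
{
    jpeg_decompress_struct info = { NULL };
    jpeg_source_mgr *first;
    int marker;            /* any distinct address to act as the decoder */
    int ok;

    if (attach_source_mgr(&info, &marker) != 0)
        return 0;
    first = info.src;
    if (attach_source_mgr(&info, &marker) != 0) {
        detach_source_mgr(&info);
        return 0;
    }
    ok = (info.src == first)
      && ((decoder_source_mgr *)info.src)->decoder == &marker
      && info.src->init_source == init_source
      && info.src->term_source == term_source;
    detach_source_mgr(&info);
    ok = ok && (info.src == NULL);
    return ok;
}
```

The compiler warning quoted in the report is the cheapest detector for this class of defect: building with `-Wall` (or `-Wuninitialized`) and treating "might be used uninitialized" as an error flags the missing assignment before the non-NULL path is ever exercised at runtime.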
Blocks: 59652
Status: NEW → ASSIGNED
Whiteboard: easy
Target Milestone: --- → mozilla1.0.1
sorry

*** This bug has been marked as a duplicate of 223702 ***
No longer blocks: 59652
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → DUPLICATE