From e9d8edec450a97a0b8741273bb5d5e90fb94c821 Mon Sep 17 00:00:00 2001
From: Cyril Hrubis
Date: Wed, 9 Dec 2015 14:47:15 +0100
Subject: [PATCH] loaders: JPG: Fix read callback
Apparently when I/O read callback returns buffer of size 0 the libjpeg segfaults. So we now return FALSE from the callback even when read returns 0, which means end of the file when the underlying I/O is file based. Special thanks to the american fuzzy lop (afl).
Signed-off-by: Cyril Hrubis
---
 libs/loaders/GP_JPG.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libs/loaders/GP_JPG.c b/libs/loaders/GP_JPG.c
index 4921f246..9ac46300 100644
--- a/libs/loaders/GP_JPG.c
+++ b/libs/loaders/GP_JPG.c
@@ -156,8 +156,8 @@ static boolean fill_input_buffer(struct jpeg_decompress_struct *cinfo)
 ret = GP_IORead(src->io, src->buffer, src->size);
- if (ret < 0) {
- GP_WARN("Failed to fill buffer");
+ if (ret <= 0) {
+ GP_WARN("Failed to fill buffer, IORead returned %i", ret);
 return FALSE;
 }
--
2.11.4.GIT
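Review bot: Returning FALSE from fill_input_buffer on a zero-length read (the new `if (ret <= 0)` branch) tells libjpeg to suspend, not that the input is bad: libjpeg's data-source contract reserves a FALSE return for I/O-suspension mode, and outside that mode jpeg_read_header()/jpeg_read_scanlines() come back with JPEG_SUSPENDED / 0 rows, which the calling loop must check or it spins; whether this loader's caller does is outside the hunk. The approach libjpeg's own jdatasrc.c uses for end-of-data on a truncated file is to warn and hand the decoder a fake EOI marker so it terminates cleanly, which turns the afl-found crash into a graceful decode error without depending on the caller's handling of suspension; this assumes `src->buffer` is a JOCTET buffer of at least two bytes, which its declaration (outside the hunk) should confirm. A secondary nit: `ret` is declared outside the hunk, and if GP_IORead() returns ssize_t the new `%i` conversion is mismatched and should be `%zi` or carry a cast. fill_input_buffer starts before and ends after the hunk.
```c
	if (ret <= 0) {
		GP_WARN("Failed to fill buffer, IORead returned %i", ret);
		/* Truncated or unreadable input: feed libjpeg a fake EOI marker
		 * so it finishes cleanly instead of treating this as suspension
		 * (the same trick libjpeg's jdatasrc.c uses). */
		src->buffer[0] = 0xFF;
		src->buffer[1] = JPEG_EOI;
		cinfo->src->next_input_byte = src->buffer;
		cinfo->src->bytes_in_buffer = 2;
		return TRUE;
	}
	/* … unchanged: normal buffer hand-off to cinfo->src … */
```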