From ddeba7ce765a30b6699eeb8fc0ed7f3f38397df1 Mon Sep 17 00:00:00 2001 From: icculus Date: Wed, 7 Sep 2005 18:29:03 +0000 Subject: Fixed buffer overflow in JPG decoder (thanks, Thilo Schulz!) git-svn-id: svn://svn.icculus.org/quake3/trunk@87 edf5b092-35ff-0310-97b2-ce42778d08ea --- code/renderer/tr_image.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'code') diff --git a/code/renderer/tr_image.c b/code/renderer/tr_image.c index edebb4b..68819ac 100644 --- a/code/renderer/tr_image.c +++ b/code/renderer/tr_image.c @@ -1438,9 +1438,13 @@ static void LoadJPG( const char *filename, unsigned char **pic, int *width, int * In this example, we need to make an output work buffer of the right size. */ /* JSAMPLEs per row in output buffer */ - row_stride = cinfo.output_width * cinfo.output_components; - out = ri.Malloc(cinfo.output_width*cinfo.output_height*cinfo.output_components); + // This row_stride from libjpeg's example code doesn't work, since we + // want to fill in an alpha channel ourselves and jpegs might be 8-bit. + //row_stride = cinfo.output_width * cinfo.output_components; + row_stride = cinfo.output_width * 4; + out = ri.Malloc(row_stride*cinfo.output_height); + *pic = out; *width = cinfo.output_width; -- cgit v1.2.3