Bug 617469 - Invalid huffman code crashes libjpeg-turbo
Summary: Invalid huffman code crashes libjpeg-turbo
Alias: None
Product: Fedora
Classification: Fedora
Component: libjpeg-turbo
Version: 14
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Adam Tkac
QA Contact: Fedora Extras Quality Assurance
: 622982 622985 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2010-07-23 07:20 UTC by Christophe GRENIER
Modified: 2013-04-30 23:46 UTC (History)
4 users (show)

Clone Of:
Last Closed: 2010-08-04 09:06:46 UTC

Attachments (Terms of Use)
Invalid jpeg that crashes libjpeg-turbo (36.00 KB, image/jpeg)
2010-07-23 07:20 UTC, Christophe GRENIER
no flags Details

Description Christophe GRENIER 2010-07-23 07:20:38 UTC
Created attachment 433884 [details]
Invalid jpeg that crashes libjpeg-turbo

Description of problem:
Broken jpeg containing invalid huffman code crashes libjpeg-turbo

Version-Release number of selected component (if applicable): svn version (revision 219, 8 Jul 2010)

How reproducible: Always

Steps to Reproduce:
./djpeg crash_20100701.jpg > 1
Segmentation fault (core dumped)

For Fedora 14, we need to revert to libjpeg because libjpeg-turbo has hit this serious problem (Unless this bug is fixed...)

Additional info:
Bug has been reported upstream: http://sourceforge.net/tracker/?func=detail&aid=3023672&group_id=303195&atid=1278158

Comment 1 Bug Zapper 2010-07-30 12:46:18 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:

Comment 2 Adam Tkac 2010-08-02 14:09:14 UTC
Fix for this issue has been committed to upstream but there is another small regression; fixed libjpeg-turbo doesn't emit warning message when it hits invalid huffman code. I will build fixed package when this issue gets fixed somehow.

Comment 3 Adam Tkac 2010-08-04 09:06:46 UTC
Fixed in libjpeg-turbo-1.0.0-3.fc14.

Comment 4 Siddhesh Poyarekar 2010-08-27 23:29:32 UTC
*** Bug 622982 has been marked as a duplicate of this bug. ***

Comment 5 Siddhesh Poyarekar 2010-08-27 23:33:11 UTC
*** Bug 622985 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.