ref: d3243530d709296231a6e29d9047c5692c5fddc3
parent: 845db4c37263c473bde38b23349a33202d92d066
author: cinap_lenrek <[email protected]>
date: Tue May 29 13:53:49 EDT 2012
jpg: fix memory corruption
--- a/sys/src/cmd/jpg/readjpg.c
+++ b/sys/src/cmd/jpg/readjpg.c
@@ -488,8 +488,10 @@
/* flow chart C-2 */
nsize = 0;
- for(i=0; i<16; i++)
- nsize += b[1+i];
+ for(i=1; i<=16; i++)
+ nsize += b[i];
+ if(nsize == 0)
+ return 0;
t->size = jpgmalloc(h, (nsize+1)*sizeof(int), 1);
k = 0;
for(i=1; i<=16; i++){