Commit b35be8c9 authored by Paolo Bacchilega's avatar Paolo Bacchilega

jpeg loader: call alloc_sarray before jpeg_start_decompress

to avoid possible out-of-memory errors.
parent 926b3239
......@@ -221,10 +221,13 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
if (srcinfo.scale_denom == 0)
srcinfo.scale_denom = srcinfo.scale_num;
jpeg_calc_output_dimensions (&srcinfo);
}
jpeg_calc_output_dimensions (&srcinfo);
buffer_stride = srcinfo.output_width * srcinfo.output_components;
buffer = (*srcinfo.mem->alloc_sarray) ((j_common_ptr) &srcinfo, JPOOL_IMAGE, buffer_stride, srcinfo.rec_outbuf_height);
jpeg_start_decompress (&srcinfo);
orientation = _jpeg_exif_orientation (in_buffer, in_buffer_size);
......@@ -257,9 +260,6 @@ _cairo_image_surface_create_from_jpeg (GInputStream *istream,
metadata = _cairo_image_surface_get_metadata (surface);
metadata->has_alpha = FALSE;
buffer_stride = srcinfo.output_width * srcinfo.output_components;
buffer = (*srcinfo.mem->alloc_sarray) ((j_common_ptr) &srcinfo, JPOOL_IMAGE, buffer_stride, srcinfo.rec_outbuf_height);
surface_row = _cairo_image_surface_flush_and_get_data (surface) + line_start;
switch (srcinfo.out_color_space) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment