Merge branch '1.2.x' into 1.3.x
diff --git a/ChangeLog.txt b/ChangeLog.txt
index 984b91d..55d5c35 100644
@@ -56,6 +56,15 @@
unencoded blocks. Thus, the Huffman local buffer was increased to 256 bytes,
which should prevent any such issue from re-occurring in the future.
+ Fixed an issue in the accelerated Huffman decoder that could have caused
+the decoder to read past the end of the input buffer when a malformed,
+specially-crafted JPEG image was being decompressed. In prior versions of
+libjpeg-turbo, the accelerated Huffman decoder was invoked (in most cases) only
+if there were > 128 bytes of data in the input buffer. However, it is possible
+to construct a JPEG image in which a single Huffman block is over 430 bytes
+long, so this version of libjpeg-turbo activates the accelerated Huffman
+decoder only if there are > 512 bytes of data in the input buffer.
diff --git a/jdhuff.c b/jdhuff.c
index b545e66..9a687d3 100644
@@ -4,7 +4,7 @@
* This file was part of the Independent JPEG Group's software:
* Copyright (C) 1991-1997, Thomas G. Lane.
* libjpeg-turbo Modifications:
- * Copyright (C) 2009-2011, D. R. Commander.
+ * Copyright (C) 2009-2011, 2016, D. R. Commander.
* For conditions of distribution and use, see the accompanying README file.
* This file contains Huffman entropy decoding routines.
@@ -743,7 +743,7 @@
* this module, since we'll just re-assign them on the next call.)
-#define BUFSIZE (DCTSIZE2 * 2)
+#define BUFSIZE (DCTSIZE2 * 8)
decode_mcu (j_decompress_ptr cinfo, JBLOCKROW *MCU_data)