JPGLoader: Check existence of Huffman tables in scan header segment (#3442)

DC and AC table IDs read in the scan header segment weren't validated against the IDs of Huffman tables read in the DHT segment. This caused an OOB read when a Huffman table was accessed using the ID read in the scan header segment. Furthermore, the decoder now replaces the old DC or AC table if a redefinition has been found prior to the scan header. Fixes #3439.
author: Devashish Jaiswal <devashishjaiswal86@gmail.com> 2020-09-10 14:50:04 +0530
committer: GitHub <noreply@github.com> 2020-09-10 11:20:04 +0200
commit: 2a3166e52310c886fe1f60b08bc1ceba3353532a (patch)
tree: 20701ca3dca6ccf798ed915faa2d859dbb96546a /Base
parent: d830c107cef94dce55ed41380114ac799d0c5eb2 (diff)
download: serenity-2a3166e52310c886fe1f60b08bc1ceba3353532a.zip
2 files changed, 2 insertions, 0 deletions
diff --git a/Base/res/html/misc/jpg.html b/Base/res/html/misc/jpg.html
index 11f199eabc..2f684fa721 100644
--- a/Base/res/html/misc/jpg.html
+++ b/Base/res/html/misc/jpg.html
@@ -6,6 +6,8 @@
 </head>
 <body>
 <div>
+    <h3>Issue-3439</h3>
+    <img alt="lena" src="jpgsuite_files/offending-3439.jpg"/><br>
     <h3>Non-subsampled Lena</h3> <br>
     <img alt="lena" src="jpgsuite_files/non-subsampled-lena.jpg"/> <br>
     <h3>Chroma Horizontally Halved Lena</h3> <br>
diff --git a/Base/res/html/misc/jpgsuite_files/offending-3439.jpg b/Base/res/html/misc/jpgsuite_files/offending-3439.jpg
new file mode 100644
index 0000000000..ad0d22c5fa
--- /dev/null
+++ b/Base/res/html/misc/jpgsuite_files/offending-3439.jpg
author	Devashish Jaiswal <devashishjaiswal86@gmail.com>	2020-09-10 14:50:04 +0530
committer	GitHub <noreply@github.com>	2020-09-10 11:20:04 +0200
commit	2a3166e52310c886fe1f60b08bc1ceba3353532a (patch)
tree	20701ca3dca6ccf798ed915faa2d859dbb96546a /Base
parent	d830c107cef94dce55ed41380114ac799d0c5eb2 (diff)
download	serenity-2a3166e52310c886fe1f60b08bc1ceba3353532a.zip