From 1db6c316321a64eaff971cbadf6a8b954d263dd6 Mon Sep 17 00:00:00 2001
From: DichenZhang1 <140119224+DichenZhang1@users.noreply.github.com>
Date: Fri, 29 Aug 2025 22:49:32 -0700
Subject: [PATCH 1/3] Catch potential memory corruption in applyGainmap() call
---
 lib/src/jpegr.cpp | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/src/jpegr.cpp b/lib/src/jpegr.cpp
index 8ce700fb..bebfa690 100644
--- a/lib/src/jpegr.cpp
+++ b/lib/src/jpegr.cpp
@@ -1444,8 +1444,16 @@ uhdr_error_info_t JpegR::decodeJPEGR(uhdr_compressed_image_t* uhdr_compressed_im
 return g_no_error;
 }
- UHDR_ERR_CHECK(applyGainMap(&sdr_intent, &gainmap, &uhdr_metadata, output_ct, output_format,
- max_display_boost, dest));
+ try {
+ UHDR_ERR_CHECK(applyGainMap(&sdr_intent, &gainmap, &uhdr_metadata, output_ct, output_format,
+ max_display_boost, dest));
+ } catch (const std::out_of_range& e) {
+ uhdr_error_info_t status;
+ status.error_code = UHDR_CODEC_MEM_ERROR;
+ status.has_detail = 1;
+ snprintf(status.detail, sizeof status.detail, "The output buffer size is too small.");
+ return status;
+ }
 return g_no_error;
 }
From 498eead866f69bc1a10dcdd3b883884f1582402a Mon Sep 17 00:00:00 2001
From: DichenZhang1 <140119224+DichenZhang1@users.noreply.github.com>
Date: Fri, 29 Aug 2025 23:01:28 -0700
Subject: [PATCH 2/3] Update jpegr.cpp
---
 lib/src/jpegr.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/src/jpegr.cpp b/lib/src/jpegr.cpp
index bebfa690..eec8ee7f 100644
--- a/lib/src/jpegr.cpp
+++ b/lib/src/jpegr.cpp
@@ -1451,7 +1451,7 @@ uhdr_error_info_t JpegR::decodeJPEGR(uhdr_compressed_image_t* uhdr_compressed_im
 uhdr_error_info_t status;
 status.error_code = UHDR_CODEC_MEM_ERROR;
 status.has_detail = 1;
- snprintf(status.detail, sizeof status.detail, "The output buffer size is too small.");
+ snprintf(status.detail, sizeof status.detail, "The output buffer size is too small: " + e.what());
 return status;
 }
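Review bot: In [PATCH 1/3] the `catch (const std::out_of_range& e)` around `applyGainMap` reports an undersized `dest` only if the code it calls uses bounds-checked accesses such as `.at()`; a raw pointer or `operator[]` write past the buffer never throws, so the corruption named in the subject would still happen silently. Whether `applyGainMap` does checked accesses is not visible in this hunk, so the more reliable guard is to compare the output image's dimensions and stride with the decoded SDR image before the call and return an error status there. If `applyGainMap` distributes rows to worker threads (not visible here), an exception raised on a worker never reaches this handler and terminates the process instead. Other exception types still escape `decodeJPEGR`; a trailing `catch (const std::exception& e)` that also returns a status would keep all failures inside the error-code contract. The function body starts outside the hunk.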
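Review bot: [PATCH 2/3] does not compile on its own, because `"The output buffer size is too small: " + e.what()` adds two `const char*` operands, which C++ rejects; the series only repairs this in 3/3. Squashing 2/3 and 3/3 into 1/3 would keep every commit buildable for bisecting and would replace the two `Update jpegr.cpp` subjects with the one that explains the change.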
From 54e8d122bacab7043a882bbbc6a5c30d5e3560b5 Mon Sep 17 00:00:00 2001
From: DichenZhang1 <140119224+DichenZhang1@users.noreply.github.com>
Date: Fri, 29 Aug 2025 23:17:17 -0700
Subject: [PATCH 3/3] Update jpegr.cpp
---
 lib/src/jpegr.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/src/jpegr.cpp b/lib/src/jpegr.cpp
index eec8ee7f..d1fe165a 100644
--- a/lib/src/jpegr.cpp
+++ b/lib/src/jpegr.cpp
@@ -25,6 +25,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "ultrahdr/editorhelper.h"
@@ -1451,7 +1452,7 @@ uhdr_error_info_t JpegR::decodeJPEGR(uhdr_compressed_image_t* uhdr_compressed_im
 uhdr_error_info_t status;
 status.error_code = UHDR_CODEC_MEM_ERROR;
 status.has_detail = 1;
- snprintf(status.detail, sizeof status.detail, "The output buffer size is too small: " + e.what());
+ snprintf(status.detail, sizeof status.detail, "The output buffer size is too small: %s", e.what());
 return status;
 }
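Review bot: The detail string on the `snprintf` line of [PATCH 3/3] blames the output buffer for every `std::out_of_range`, although that exception can come from any checked container access reached from `applyGainMap`, so a caller may be told to enlarge a buffer that was never the problem. A neutral prefix keeps the report accurate, e.g. `snprintf(status.detail, sizeof status.detail, "applyGainMap failed (out_of_range): %s", e.what());`. `UHDR_CODEC_MEM_ERROR` also reads as an allocation failure; if the cause really is a caller-supplied buffer that is too small, `UHDR_CODEC_INVALID_PARAM` may fit better, which is worth checking against how other call sites use these codes. The catch clause itself starts outside this hunk.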