From 9a7dcca754d7045347ab2051c7e6d1e73ea478f4 Mon Sep 17 00:00:00 2001 From: tabudz Date: Wed, 11 Feb 2026 00:40:06 +0800 Subject: [PATCH] stb_image: Reject fractional JPEG component subsampling ratios The component resamplers are not written to support this and I've never seen it happen in a real (non-crafted) JPEG file so I'm fine rejecting this as outright corrupt. --- engine/3rdparty/stb_image.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/engine/3rdparty/stb_image.h b/engine/3rdparty/stb_image.h index 489e8e9e..605a043b 100644 --- a/engine/3rdparty/stb_image.h +++ b/engine/3rdparty/stb_image.h @@ -3247,6 +3247,13 @@ static int stbi__process_frame_header(stbi__jpeg* z, int scan) if (z->img_comp[i].v > v_max) v_max = z->img_comp[i].v; } + // check that plane subsampling factors are integer ratios; our resamplers can't deal with fractional ratios + // and I've never seen a non-corrupted JPEG file actually use them + for (i=0; i < s->img_n; ++i) { + if (h_max % z->img_comp[i].h != 0) return stbi__err("bad H","Corrupt JPEG"); + if (v_max % z->img_comp[i].v != 0) return stbi__err("bad V","Corrupt JPEG"); + } + // compute interleaved mcu info z->img_h_max = h_max; z->img_v_max = v_max;