2013-11-30, 23:40
I encountered many crashes when scanning for new content with the "Local information only" scraper and a large movie collection prepared with MediaElch.
Images with a size near the maxtexsize of 2048 (e.g. 1600x1959) cause a segfault in CJpegIO::Decode. This happens because images are scaled too large for the maximum of 2048 allocated lines. The real culprit is a buggy for-loop in CJpegIO::Read.
Looping over m_cinfo.scale_num results in an end value of 9 instead of 8, if the loop exits normally. Thus the images are generally too large unless a condition is met which breaks the loop.
Solution and moral: Always use a dedicated loop control variable.
Patch:
Code:
diff --git a/xbmc/guilib/JpegIO.cpp b/xbmc/guilib/JpegIO.cpp
index 314e1fd..1123c1b 100644
--- a/xbmc/guilib/JpegIO.cpp
+++ b/xbmc/guilib/JpegIO.cpp
@@ -374,8 +374,10 @@ bool CJpegIO::Read(unsigned char* buffer, unsigned int bufSize,
m_cinfo.scale_denom = 8;
m_cinfo.out_color_space = JCS_RGB;
unsigned int maxtexsize = g_Windowing.GetMaxTextureSize();
- for (m_cinfo.scale_num = 1; m_cinfo.scale_num <= 8; m_cinfo.scale_num++)
+
+ for (unsigned int i = 1; i <= 8; i++)
{
+ m_cinfo.scale_num = i;
jpeg_calc_output_dimensions(&m_cinfo);
if ((m_cinfo.output_width > maxtexsize) || (m_cinfo.output_height > maxtexsiz
{
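Review bot: the bound in `for (unsigned int i = 1; i <= 8; i++)` repeats the literal assigned to `m_cinfo.scale_denom` at the top of the hunk; looping to `m_cinfo.scale_denom` or a named constant would keep the two from drifting apart. A short comment above the loop saying why `m_cinfo.scale_num` must not be the counter (a normal exit leaves the counter one past the bound) would stop a later cleanup from folding `i` back into the struct field. Separately, the post reports the crash in CJpegIO::Decode, so a check there that the output height fits the allocated lines would be worth a follow-up patch.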
Cheers,
Torsten
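An added example, not part of the original post or the XBMC source: a small C model of the loop before and after the patch, run on the 1600x1959 image from the post. The `cinfo` struct, `calc_dims` (a simplified ceil(image * num / denom) stand-in for `jpeg_calc_output_dimensions`) and the step-back in the break branch are assumptions, since the hunk is cut off before the loop body.

```c
#include <stdio.h>
/* Constructed stand-in for the libjpeg fields named in the post. */
struct cinfo {
    unsigned image_width, image_height, scale_num, scale_denom, output_width, output_height;
};

/* Simplified model (assumption): output = ceil(image * num / denom). */
static void calc_dims(struct cinfo *c) {
    c->output_width  = (c->image_width  * c->scale_num + c->scale_denom - 1) / c->scale_denom;
    c->output_height = (c->image_height * c->scale_num + c->scale_denom - 1) / c->scale_denom;
}
static int too_big(const struct cinfo *c, unsigned max) { return c->output_width > max || c->output_height > max; }

/* Removed line: the struct field doubles as the loop counter. */
static unsigned pick_scale_buggy(struct cinfo *c, unsigned max) {
    c->scale_denom = 8;
    for (c->scale_num = 1; c->scale_num <= 8; c->scale_num++) {
        calc_dims(c);
        if (too_big(c, max)) {          /* assumed break branch: step back */
            if (c->scale_num > 1) c->scale_num--;
            break;
        }
    }
    calc_dims(c);                       /* size the decoder would really emit */
    return c->scale_num;                /* 9 after a normal loop exit */
}

/* Patched form: dedicated counter, field assigned inside the body. */
static unsigned pick_scale_fixed(struct cinfo *c, unsigned max) {
    c->scale_denom = 8;
    for (unsigned i = 1; i <= 8; i++) {
        c->scale_num = i;
        calc_dims(c);
        if (too_big(c, max)) {          /* same assumed break branch */
            if (c->scale_num > 1) c->scale_num--;
            break;
        }
    }
    calc_dims(c);
    return c->scale_num;                /* never exceeds 8 */
}

int main(void) {
    struct cinfo a = { 1600, 1959 }, b = { 1600, 1959 };   /* image size from the post */
    unsigned nb = pick_scale_buggy(&a, 2048), nf = pick_scale_fixed(&b, 2048);
    printf("buggy: %u/8 -> %ux%u\n", nb, a.output_width, a.output_height);
    printf("fixed: %u/8 -> %ux%u\n", nf, b.output_width, b.output_height);
    return 0;
}
```

An image that trips the size check (for instance 4000x3000) gives the same factor in both versions, which is why the bug only shows for images that fit at 8/8.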