[FreeNX-kNX] Buffer overrun in nxcompext
Peter Fales
psfales at lucent.com
Fri Jul 21 23:13:08 UTC 2006
I can't find anyway for unregistered users to submit bug reports at
nomachine.com, and perhaps this would be of interest to others. I
noticed that nxagent was sometimes printing
******JpegCompressedData: PANIC! Compression failed.
when running a browser and visiting certain sites. (msn.com seems
to be one particular culprit)
I spent a few hours tracking it down and found that certain kinds
of images don't compress very well. If you have an image which
is very wide, but only 1 pixel high, the "compressed" image is
actually larger than the original. Jpeg.c includes some padding in the
output buffer to allow for this, but the 256 bytes of padding is not
always enough, and it's possible for the "compressed" data to overrun
the end of the buffer. I was able to eliminate the errors with this patch:
--- Jpeg.c.orig 2006-07-21 17:09:52.000000000 -0500
+++ Jpeg.c 2006-07-21 17:09:52.000000000 -0500
@@ -35,7 +35,7 @@
#undef TEST
#undef DEBUG
-#define JPEG_DEST_SIZE(width, height) ((width) * 3 * (height) + 256)
+#define JPEG_DEST_SIZE(width, height) ((width) * 3 * (height) + 512)
/*
* Local function prototypes.
--
Peter Fales
Lucent Technologies
Member of Technical Staff
2000 Lucent Lane
Room: 1C-436
Naperville, IL 60566-7033
Email: psfales at lucent.com
Phone: 630 979 8031
More information about the FreeNX-kNX
mailing list