commit 909a8cfc7bca9b2e6707425bdb74da997e8fa499
author DRC <information@libjpeg-turbo.org> Tue Jun 12 16:08:26 2018 -0500
committer DRC <information@libjpeg-turbo.org> Tue Jun 12 16:08:26 2018 -0500
tree 65d477b19eb6f8ceb5143c8d77d95ae8243d43a2
parent 3041cf67ffdc7230e377802cba0e5c325d6d01c6

Fix CVE-2018-11813

Refer to change log for details.

Fixes #242

rdtarga.c

diff --git a/rdtarga.c b/rdtarga.c
index ecb4219..e0c6947 100644
--- a/rdtarga.c
+++ b/rdtarga.c
@@ -126,11 +126,10 @@
 read_non_rle_pixel(tga_source_ptr sinfo)
 /* Read one Targa pixel from the input file; no RLE expansion */
 {
-  register FILE *infile = sinfo->pub.input_file;
   register int i;
 
   for (i = 0; i < sinfo->pixel_size; i++) {
-    sinfo->tga_pixel[i] = (U_CHAR)getc(infile);
+    sinfo->tga_pixel[i] = (U_CHAR)read_byte(sinfo);
   }
 }
 
@@ -139,7 +138,6 @@
 read_rle_pixel(tga_source_ptr sinfo)
 /* Read one Targa pixel from the input file, expanding RLE data as needed */
 {
-  register FILE *infile = sinfo->pub.input_file;
   register int i;
 
   /* Duplicate previously read pixel? */
@@ -161,7 +159,7 @@
 
   /* Read next pixel */
   for (i = 0; i < sinfo->pixel_size; i++) {
-    sinfo->tga_pixel[i] = (U_CHAR)getc(infile);
+    sinfo->tga_pixel[i] = (U_CHAR)read_byte(sinfo);
   }
 }