File libjpeg-turbo-CVE-2017-15232.patch of Package libjpeg-turbo.openSUSE_Leap_42.3_Update

Index: libjpeg-turbo-1.5.2/jdpostct.c
===================================================================
--- libjpeg-turbo-1.5.2.orig/jdpostct.c	2017-07-07 22:31:10.000000000 +0200
+++ libjpeg-turbo-1.5.2/jdpostct.c	2017-10-12 13:02:48.572975302 +0200
@@ -132,6 +132,11 @@ post_process_1pass (j_decompress_ptr cin
   my_post_ptr post = (my_post_ptr) cinfo->post;
   JDIMENSION num_rows, max_rows;
 
+  /* read_and_discard_scanlines may call it with rows "available", but no buffer */
+  if (output_buf == NULL) {
+    return;
+  }
+
   /* Fill the buffer, but not more than what we can dump out in one go. */
   /* Note we rely on the upsampler to detect bottom of image. */
   max_rows = out_rows_avail - *out_row_ctr;
Index: libjpeg-turbo-1.5.2/jquant1.c
===================================================================
--- libjpeg-turbo-1.5.2.orig/jquant1.c	2017-07-07 22:31:10.000000000 +0200
+++ libjpeg-turbo-1.5.2/jquant1.c	2017-10-12 13:02:48.572975302 +0200
@@ -531,6 +531,10 @@ quantize_ord_dither (j_decompress_ptr ci
   JDIMENSION col;
   JDIMENSION width = cinfo->output_width;
 
+  if (output_buf == NULL && num_rows) {
+    ERREXIT(cinfo, JERR_BAD_PARAM);
+  }
+
   for (row = 0; row < num_rows; row++) {
     /* Initialize output values to 0 so can process components separately */
     jzero_far((void *) output_buf[row], (size_t) (width * sizeof(JSAMPLE)));
Index: libjpeg-turbo-1.5.2/jerror.h
===================================================================
--- libjpeg-turbo-1.5.2.orig/jerror.h	2017-07-07 22:31:10.000000000 +0200
+++ libjpeg-turbo-1.5.2/jerror.h	2017-10-12 13:24:01.349954012 +0200
@@ -208,6 +208,7 @@ JMESSAGE(JERR_NO_ARITH_TABLE, "Arithmeti
 JMESSAGE(JWRN_ARITH_BAD_CODE, "Corrupt JPEG data: bad arithmetic code")
 #endif
 #endif
+JMESSAGE(JERR_BAD_PARAM, "Bogus parameter")
 
 #ifdef JMAKE_ENUM_LIST