Wireshark-bugs: [Wireshark-bugs] [Bug 6230] Large JPEG files are not dissected
Date: Wed, 26 Sep 2012 13:04:29 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6230

Chris Maynard <christopher.maynard@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #9236|0                           |1
        is obsolete|                            |
   Attachment #9236|review_for_checkin?         |
              Flags|                            |
   Attachment #9238|                            |review_for_checkin?
              Flags|                            |

--- Comment #9 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2012-09-26 13:04:28 PDT ---
Created attachment 9238
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=9238
Allow dissection of large jpegs that may have been truncated.

>From section 6.4 of the JPEG File Interchange Format (JFIF), located at
http://www.ecma-international.org/publications/files/ECMA-TR/TR-098.pdf:

        The JPEG FIF APP0 marker is mandatory right after the SOI marker.
        The JFIF APP0 marker is identified by a zero terminated string: "JFIF".

This new patch, made against trunk SVN 45148, will allow truncated jpegs to be
dissected, as much as is currently supported at least, whether they are
strictly jpeg files are jpeg's that were transmitted over http.  This is done
by changing the heuristics to look for the mandatory "JFIF" APP0 marker instead
of the MARKER_EOI marker.

If there are no objections, I'll commit this patch soon, likely tomorrow ...

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.