From b87fd1d8fd0b0c5f77094166c43e4fd77ee1ba3c Mon Sep 17 00:00:00 2001
From: Syping <syping@syping.de>
Date: Mon, 10 Nov 2025 20:16:25 +0100
Subject: [PATCH] libragephoto: fix memory issues with Jpeg saving

- RagePhoto.c: return PHOTOREADERROR when no Jpeg is being set when
ragephotodata_savef is being called with Jpeg format
- RagePhoto.cpp: return PhotoReadError when no Jpeg is being set when
RagePhoto::save is being called with Jpeg format
---
 src/core/RagePhoto.c   | 12 ++++++++----
 src/core/RagePhoto.cpp | 12 ++++++++----
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/core/RagePhoto.c b/src/core/RagePhoto.c
index f3da886..a0fe93c 100644
--- a/src/core/RagePhoto.c
+++ b/src/core/RagePhoto.c
@@ -972,10 +972,14 @@ bool ragephotodata_savef(RagePhotoData *rp_data, RagePhotoFormatParser *rp_parse
 #endif
     }
     else if (photoFormat == RAGEPHOTO_FORMAT_JPEG) {
-        const size_t length = ragephotodata_getsavesizef(rp_data, NULL, photoFormat);
-        size_t pos = 0;
-
-        writeBuffer(rp_data->jpeg, data, &pos, length, rp_data->jpegSize);
+        if (rp_data->jpeg) {
+            size_t pos = 0;
+            writeBuffer(rp_data->jpeg, data, &pos, rp_data->jpegSize, rp_data->jpegSize);
+        }
+        else {
+            rp_data->error = RAGEPHOTO_ERROR_PHOTOREADERROR; // 17
+            return false;
+        }
 
         rp_data->error = RAGEPHOTO_ERROR_NOERROR; // 255
         return true;
diff --git a/src/core/RagePhoto.cpp b/src/core/RagePhoto.cpp
index 345836a..7a0b5e7 100644
--- a/src/core/RagePhoto.cpp
+++ b/src/core/RagePhoto.cpp
@@ -943,10 +943,14 @@ bool RagePhoto::save(char *data, uint32_t photoFormat, RagePhotoData *rp_data, R
 #endif
     }
     else if (photoFormat == PhotoFormat::JPEG) {
-        const size_t length = saveSize(photoFormat, rp_data, nullptr);
-        size_t pos = 0;
-
-        writeBuffer(rp_data->jpeg, data, &pos, length, rp_data->jpegSize);
+        if (rp_data->jpeg) {
+            size_t pos = 0;
+            writeBuffer(rp_data->jpeg, data, &pos, rp_data->jpegSize, rp_data->jpegSize);
+        }
+        else {
+            rp_data->error = Error::PhotoReadError; // 17
+            return false;
+        }
 
         rp_data->error = Error::NoError; // 255
         return true;