3fee1869be
* CVE-2025-2357.patch OBS-URL: https://build.opensuse.org/package/show/KDE:Extra/dcmtk?expand=0&rev=102
50 lines
1.6 KiB
Diff
50 lines
1.6 KiB
Diff
From 69a6690db71927e02a6fb6ee655cb449f0431466 Mon Sep 17 00:00:00 2001
|
|
From: Marco Eichelberg <eichelberg@offis.de>
|
|
Date: Mon, 3 Mar 2025 12:33:18 +0100
|
|
Subject: [PATCH] Fixed segfault in JPEG-LS decoder.
|
|
|
|
Fixed a bug in the JPEG-LS decoder that led to a segmentation fault if invalid
|
|
input data was processed, due to insufficient validation of input data.
|
|
|
|
Thanks to Ding zhengzheng <xiaozheng.ding399@gmail.com> for the report
|
|
and the sample file (PoC).
|
|
|
|
This closes DCMTK issue #1155.
|
|
---
|
|
dcmjpls/libcharls/scan.h | 12 +++++++++++-
|
|
1 file changed, 11 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/dcmjpls/libcharls/scan.h b/dcmjpls/libcharls/scan.h
|
|
index b4dea20..d6dfa5a 100644
|
|
--- a/dcmjpls/libcharls/scan.h
|
|
+++ b/dcmjpls/libcharls/scan.h
|
|
@@ -629,14 +629,24 @@ void JlsCodec<TRAITS,STRATEGY>::DoLine(SAMPLE*)
|
|
LONG index = 0;
|
|
LONG Rb = _previousLine[index-1];
|
|
LONG Rd = _previousLine[index];
|
|
+ LONG RANGE_UPPER = 1 << traits.bpp;
|
|
+ LONG RANGE_LOWER = - RANGE_UPPER;
|
|
|
|
while(index < _width)
|
|
- {
|
|
+ {
|
|
LONG Ra = _currentLine[index -1];
|
|
LONG Rc = Rb;
|
|
Rb = Rd;
|
|
Rd = _previousLine[index + 1];
|
|
|
|
+ // make sure that values are not out of range
|
|
+ if ( (Rd - Rb < RANGE_LOWER) || (Rd - Rb > RANGE_UPPER)
|
|
+ || (Rb - Rc < RANGE_LOWER) || (Rb - Rc > RANGE_UPPER)
|
|
+ || (Rc - Ra < RANGE_LOWER) || (Rc - Ra > RANGE_UPPER))
|
|
+ {
|
|
+ throw JlsException(InvalidCompressedData);
|
|
+ }
|
|
+
|
|
LONG Qs = ComputeContextID(QuantizeGratient(Rd - Rb), QuantizeGratient(Rb - Rc), QuantizeGratient(Rc - Ra));
|
|
|
|
if (Qs != 0)
|
|
--
|
|
2.48.1
|
|
|