4c73673fd8
- security update - added patches fix CVE-2022-1210 [bsc#1198146], Malicious file leads to a denial of service in TIFF File Handler + jbigkit-CVE-2022-1210.patch OBS-URL: https://build.opensuse.org/request/show/1134021 OBS-URL: https://build.opensuse.org/package/show/graphics/jbigkit?expand=0&rev=19
37 lines
1.4 KiB
Diff
37 lines
1.4 KiB
Diff
Index: jbigkit-2.1/libjbig/jbig.c
|
|
===================================================================
|
|
--- jbigkit-2.1.orig/libjbig/jbig.c
|
|
+++ jbigkit-2.1/libjbig/jbig.c
|
|
@@ -2051,6 +2051,7 @@ void jbg_dec_init(struct jbg_dec_state *
|
|
s->xmax = 4294967295UL;
|
|
s->ymax = 4294967295UL;
|
|
s->dmax = 256;
|
|
+ s->maxmem = 2000000000; /* no final image larger than 2 GB by default */
|
|
s->s = NULL;
|
|
|
|
return;
|
|
@@ -2640,6 +2641,10 @@ int jbg_dec_in(struct jbg_dec_state *s,
|
|
return JBG_EIMPL | 5;
|
|
s->options = s->buffer[19];
|
|
|
|
+ /* will the final image require more bytes than permitted by s->maxmem? */
|
|
+ if (s->maxmem / s->planes / s->yd / jbg_ceil_half(s->xd, 3) == 0)
|
|
+ return JBG_ENOMEM; /* increase s->maxmem if needed */
|
|
+
|
|
/* calculate number of stripes that will be required */
|
|
s->stripes = jbg_stripes(s->l0, s->yd, s->d);
|
|
|
|
Index: jbigkit-2.1/libjbig/jbig.h
|
|
===================================================================
|
|
--- jbigkit-2.1.orig/libjbig/jbig.h
|
|
+++ jbigkit-2.1/libjbig/jbig.h
|
|
@@ -181,6 +181,8 @@ struct jbg_dec_state {
|
|
unsigned long xmax, ymax; /* if possible abort before image gets *
|
|
* larger than this size */
|
|
int dmax; /* abort after this layer */
|
|
+ size_t maxmem; /* return JBG_ENOMEM if final image layer D
|
|
+ would require more than maxmem bytes */
|
|
};
|
|
|
|
|