Petr Gajdos
741902d408
- added patches fix CVE-2023-2804 [bsc#1211542], heap-buffer-overflow in h2v2_merged_upsample_internal() at /libjpeg-turbo/jdmrgext.c + libjpeg-turbo-CVE-2023-2804.patch OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=142
15 lines
575 B
Diff
15 lines
575 B
Diff
Index: libjpeg-turbo-2.1.5.1/jdmaster.c
|
|
===================================================================
|
|
--- libjpeg-turbo-2.1.5.1.orig/jdmaster.c
|
|
+++ libjpeg-turbo-2.1.5.1/jdmaster.c
|
|
@@ -33,6 +33,9 @@ LOCAL(boolean)
|
|
use_merged_upsample(j_decompress_ptr cinfo)
|
|
{
|
|
#ifdef UPSAMPLE_MERGING_SUPPORTED
|
|
+ /* Colorspace conversion is not supported with lossless JPEG images */
|
|
+ if (cinfo->master->lossless)
|
|
+ return FALSE;
|
|
/* Merging is the equivalent of plain box-filter upsampling */
|
|
if (cinfo->do_fancy_upsampling || cinfo->CCIR601_sampling)
|
|
return FALSE;
|