Petr Gajdos
5ce7ee4837
- added patches fix CVE-2020-13790 [bsc#1172491], heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file + libjpeg-turbo-CVE-2020-13790.patch OBS-URL: https://build.opensuse.org/package/show/graphics/libjpeg-turbo?expand=0&rev=108
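--- a/rdppm.c
+++ b/rdppm.c
@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
 /* On 16-bit-int machines we have to be careful of maxval = 65535 */
 source->rescale = (JSAMPLE *)
 (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
- (size_t)(((long)maxval + 1L) *
+ (size_t)(((long)MAX(maxval, 255) + 1L) *
 sizeof(JSAMPLE)));
 half_maxval = maxval / 2;
 for (val = 0; val <= (long)maxval; val++) {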
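Review bot: The enlarged `rescale` table is still filled only for indices 0..maxval by the `for (val = 0; val <= (long)maxval; val++)` loop, so when maxval < 255 the added entries maxval+1..255 appear to stay unwritten unless `alloc_small` zeroes its pool, which this hunk does not show. A sample byte above maxval in a malformed PPM would then stay in bounds but copy indeterminate heap contents into the output image. Consider clearing the table right after the allocation, e.g. `memset(source->rescale, 0, (size_t)(((long)MAX(maxval, 255) + 1L) * sizeof(JSAMPLE)));`, or rejecting samples greater than maxval in the row readers. The loop body and the rest of `start_input_ppm` lie outside the hunk, so this should be confirmed against the full function.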