96b2424330
Add security fixes: openjpeg2-CVE-2016-10504.patch (CVE-2016-10504, bsc#1056351), openjpeg2-CVE-2016-10505.patch (CVE-2016-10505, bsc#1056363), openjpeg2-CVE-2016-10506.patch (CVE-2016-10506, bsc#1056396), openjpeg2-CVE-2017-12982.patch (CVE-2017-12982, bsc#1054696), openjpeg2-CVE-2017-14039.patch (CVE-2017-14039, CVE-2017-14164, bsc#1056622, bsc#1057511), openjpeg2-CVE-2017-14040.patch (CVE-2017-14040, bsc#1056621), openjpeg2-CVE-2017-14041.patch (CVE-2017-14041, bsc#1056562), openjpeg2-CVE-2017-14151.patch (CVE-2017-14151, bsc#1057336), openjpeg2-CVE-2017-14152.patch (CVE-2017-14152, bsc#1057335), most of which are critical, including heap and stack overwrites, over-reads and division by zero errors. OBS-URL: https://build.opensuse.org/request/show/523789 OBS-URL: https://build.opensuse.org/package/show/graphics/openjpeg2?expand=0&rev=28
24 lines
980 B
Diff
24 lines
980 B
Diff
commit 0a915d5e6b49c8428a28d0b858b9e274851b4b1c
|
|
Author: Hans Petter Jansson <hpj@cl.no>
|
|
Date: Fri Sep 8 00:22:18 2017 +0200
|
|
|
|
openjpeg2-CVE-2016-10504.patch
|
|
|
|
diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
|
|
index 985ac5f..2e116b2 100644
|
|
--- a/src/lib/openjp2/tcd.c
|
|
+++ b/src/lib/openjp2/tcd.c
|
|
@@ -1088,8 +1088,10 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate_data (opj_tcd_cblk_enc_t * p_cod
|
|
{
|
|
OPJ_UINT32 l_data_size;
|
|
|
|
- l_data_size = (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
|
|
-
|
|
+ /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
|
|
+ l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
|
|
+ (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
|
|
+
|
|
if (l_data_size > p_code_block->data_size) {
|
|
if (p_code_block->data) {
|
|
opj_free(p_code_block->data - 1); /* again, why -1 */
|