pool/openjpeg2
SHA256
6
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openjpeg2/openjpeg2-CVE-2017-14151.patch
Ismail Dönmez 96b2424330 Accepting request 523789 from home:hpjansson:openjpeg2-cve-factory 
Add security fixes:
  openjpeg2-CVE-2016-10504.patch (CVE-2016-10504, bsc#1056351),
  openjpeg2-CVE-2016-10505.patch (CVE-2016-10505, bsc#1056363),
  openjpeg2-CVE-2016-10506.patch (CVE-2016-10506, bsc#1056396),
  openjpeg2-CVE-2017-12982.patch (CVE-2017-12982, bsc#1054696),
  openjpeg2-CVE-2017-14039.patch (CVE-2017-14039, CVE-2017-14164,
  bsc#1056622, bsc#1057511),
  openjpeg2-CVE-2017-14040.patch (CVE-2017-14040, bsc#1056621),
  openjpeg2-CVE-2017-14041.patch (CVE-2017-14041, bsc#1056562),
  openjpeg2-CVE-2017-14151.patch (CVE-2017-14151, bsc#1057336),
  openjpeg2-CVE-2017-14152.patch (CVE-2017-14152, bsc#1057335),
  most of which are critical, including heap and stack overwrites,
  over-reads and division by zero errors.

OBS-URL: https://build.opensuse.org/request/show/523789
OBS-URL: https://build.opensuse.org/package/show/graphics/openjpeg2?expand=0&rev=28
2017-09-13 14:11:10 +00:00

23 lines
1.1 KiB
Diff
Raw Blame History

diff --git a/src/lib/openjp2/tcd.c b/src/lib/openjp2/tcd.c
index 2e116b2..2f50bfe 100644
--- a/src/lib/openjp2/tcd.c
+++ b/src/lib/openjp2/tcd.c
@@ -1087,10 +1087,13 @@ static OPJ_BOOL opj_tcd_code_block_enc_allocate (opj_tcd_cblk_enc_t * p_code_blo
static OPJ_BOOL opj_tcd_code_block_enc_allocate_data (opj_tcd_cblk_enc_t * p_code_block)
{
OPJ_UINT32 l_data_size;
-
- /* The +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
- l_data_size = 1 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
- (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
+
+ /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
+ /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
+ /* TODO: is there a theoretical upper-bound for the compressed code */
+ /* block size ? */
+ l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
+ (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
if (l_data_size > p_code_block->data_size) {
if (p_code_block->data) {
Reference in New Issue View Git Blame Copy Permalink