security fix for
CVE-2012-3535 openjpeg: heap-based buffer overflow when decoding jpeg2000 file ok sthen@ (MAINTAINER)
This commit is contained in:
jasper
parent
806fab0933
commit
9daa86fc47
@ -1,9 +1,9 @@
|
||||
# $OpenBSD: Makefile,v 1.10 2012/07/16 12:54:33 ajacoutot Exp $
|
||||
# $OpenBSD: Makefile,v 1.11 2012/09/17 12:31:35 jasper Exp $
|
||||
|
||||
COMMENT= open-source JPEG 2000 codec library
|
||||
|
||||
DISTNAME= openjpeg-1.5.0
|
||||
REVISION= 2
|
||||
REVISION= 3
|
||||
|
||||
SHARED_LIBS += openjpeg 5.0 # 6.0
|
||||
|
||||
|
||||
@ -1,10 +1,25 @@
|
||||
$OpenBSD: patch-libopenjpeg_j2k_c,v 1.2 2012/07/11 08:46:46 jasper Exp $
|
||||
$OpenBSD: patch-libopenjpeg_j2k_c,v 1.3 2012/09/17 12:31:35 jasper Exp $
|
||||
|
||||
http://code.google.com/p/openjpeg/source/detail?r=1727 (CVE-2012-3358)
|
||||
http://code.google.com/p/openjpeg/source/detail?r=1919 (CVE-2012-3535)
|
||||
|
||||
--- libopenjpeg/j2k.c.orig Wed Jul 11 10:17:02 2012
|
||||
+++ libopenjpeg/j2k.c Wed Jul 11 10:19:48 2012
|
||||
@@ -1269,7 +1269,7 @@ static void j2k_read_sot(opj_j2k_t *j2k) {
|
||||
--- libopenjpeg/j2k.c.orig Tue Feb 7 11:49:55 2012
|
||||
+++ libopenjpeg/j2k.c Mon Sep 17 13:56:12 2012
|
||||
@@ -685,6 +685,13 @@ static void j2k_read_cox(opj_j2k_t *j2k, int compno) {
|
||||
j2k->state |= J2K_STATE_ERR;
|
||||
}
|
||||
|
||||
+ if( tccp->numresolutions > J2K_MAXRLVLS ) {
|
||||
+ opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding component %d.\nThe number of resolutions is too big: %d vs max= %d. Truncating.\n\n",
|
||||
+ compno, tccp->numresolutions, J2K_MAXRLVLS);
|
||||
+ j2k->state |= J2K_STATE_ERR;
|
||||
+ tccp->numresolutions = J2K_MAXRLVLS;
|
||||
+ }
|
||||
+
|
||||
tccp->cblkw = cio_read(cio, 1) + 2; /* SPcox (E) */
|
||||
tccp->cblkh = cio_read(cio, 1) + 2; /* SPcox (F) */
|
||||
tccp->cblksty = cio_read(cio, 1); /* SPcox (G) */
|
||||
@@ -1269,7 +1276,7 @@ static void j2k_read_sot(opj_j2k_t *j2k) {
|
||||
static int backup_tileno = 0;
|
||||
|
||||
/* tileno is negative or larger than the number of tiles!!! */
|
||||
@ -13,7 +28,7 @@ http://code.google.com/p/openjpeg/source/detail?r=1727 (CVE-2012-3358)
|
||||
opj_event_msg(j2k->cinfo, EVT_ERROR,
|
||||
"JPWL: bad tile number (%d out of a maximum of %d)\n",
|
||||
tileno, (cp->tw * cp->th));
|
||||
@@ -1286,8 +1286,18 @@ static void j2k_read_sot(opj_j2k_t *j2k) {
|
||||
@@ -1286,8 +1293,18 @@ static void j2k_read_sot(opj_j2k_t *j2k) {
|
||||
|
||||
/* keep your private count of tiles */
|
||||
backup_tileno++;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user