sync with Fedora

Update to 2.4.0 Apply proposed patches for CVE-2021-29338 and a heap buffer overflow (#1957616)
author: Remi Collet <remi@remirepo.net> 2021-05-31 14:07:41 +0200
committer: Remi Collet <remi@remirepo.net> 2021-05-31 14:07:41 +0200
commit: ec030379984fe4becf3f014e31e66e2b25539039 (patch)
tree: 1cab3215bbad05c5414e6fa24f059ffe96d27fd1 /heap-buffer-overflow.patch
parent: aa3cad9000d51a3aae7dd04933776c7efd7f3b87 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/heap-buffer-overflow.patch b/heap-buffer-overflow.patch
new file mode 100644
index 0000000..6dcd51a
--- /dev/null
+++ b/heap-buffer-overflow.patch
@@ -0,0 +1,22 @@
+diff -rupN --no-dereference openjpeg-2.4.0/src/bin/common/color.c openjpeg-2.4.0-new/src/bin/common/color.c
+--- openjpeg-2.4.0/src/bin/common/color.c	2020-12-28 21:59:39.000000000 +0100
++++ openjpeg-2.4.0-new/src/bin/common/color.c	2021-05-27 23:46:46.961130438 +0200
+@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *
+ 
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ 
+-            ++y;
++            if (*y != img->comps[0].data[loopmaxh])
++                ++y;
+             ++r;
+             ++g;
+             ++b;
+-            ++cb;
+-            ++cr;
++            if (*cb != img->comps[1].data[loopmaxh])
++                ++cb;
++            if (*cr != img->comps[2].data[loopmaxh])
++                ++cr;
+         }
+         if (j < maxw) {
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
author	Remi Collet <remi@remirepo.net>	2021-05-31 14:07:41 +0200
committer	Remi Collet <remi@remirepo.net>	2021-05-31 14:07:41 +0200
commit	ec030379984fe4becf3f014e31e66e2b25539039 (patch)
tree	1cab3215bbad05c5414e6fa24f059ffe96d27fd1 /heap-buffer-overflow.patch
parent	aa3cad9000d51a3aae7dd04933776c7efd7f3b87 (diff)