diff options
author | Remi Collet <remi@remirepo.net> | 2020-12-10 14:36:36 +0100 |
---|---|---|
committer | Remi Collet <remi@remirepo.net> | 2020-12-10 14:36:36 +0100 |
commit | aa3cad9000d51a3aae7dd04933776c7efd7f3b87 (patch) | |
tree | 7b1eaecd125bae341253daa34c9b42ebb9e677d4 /openjpeg2_CVE-2020-27814.patch | |
parent | 5744a984a6abbd8f91defd34cef5a741c02df567 (diff) |
sync with Fedora
Backport patches for CVE-2020-27824 and CVE-2020-27823
Diffstat (limited to 'openjpeg2_CVE-2020-27814.patch')
-rw-r--r-- | openjpeg2_CVE-2020-27814.patch | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/openjpeg2_CVE-2020-27814.patch b/openjpeg2_CVE-2020-27814.patch new file mode 100644 index 0000000..cbb8007 --- /dev/null +++ b/openjpeg2_CVE-2020-27814.patch @@ -0,0 +1,16 @@ +diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c +--- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.701863373 +0100 ++++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.704863383 +0100 +@@ -1235,9 +1235,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_a + + /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ + /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ ++ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */ ++ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */ + /* TODO: is there a theoretical upper-bound for the compressed code */ + /* block size ? */ +- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * ++ l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * + (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); + + if (l_data_size > p_code_block->data_size) { |