FreeBSD Bugzilla – Attachment 174758 Details for
Bug 212672
graphics/openjpeg: fix CVE-2016-5157, CVE-2016-7163
[patch]
openjpeg patch
openjpeg.patch (text/plain), 6.02 KB, created by
Piotr Kubaj
on 2016-09-14 00:24:12 UTC
Description:
openjpeg patch
Creator:
Piotr Kubaj
Created:
2016-09-14 00:24:12 UTC
Size:
6.02 KB
>Index: Makefile
>===================================================================
>--- Makefile (revision 421879)
>+++ Makefile (working copy)
>@@ -3,6 +3,7 @@
>
> PORTNAME= openjpeg
> PORTVERSION= 2.1.1
>+PORTREVISION= 1
> CATEGORIES= graphics
>
> MAINTAINER= sunpoet@FreeBSD.org
>Index: files/patch-src_lib_openjp2_pi.c
>===================================================================
>--- files/patch-src_lib_openjp2_pi.c (nonexistent)
>+++ files/patch-src_lib_openjp2_pi.c (working copy)
>@@ -0,0 +1,17 @@
>+--- src/lib/openjp2/pi.c.orig 2016-09-14 00:01:22 UTC
>++++ src/lib/openjp2/pi.c
>+@@ -1236,7 +1236,13 @@ opj_pi_iterator_t *opj_pi_create_decode(
>+ l_current_pi = l_pi;
>+
>+ /* memory allocation for include */
>+- l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
>++ /* prevent an integer overflow issue */
>++ l_current_pi->include = 00;
>++ if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U)))
>++ {
>++ l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
>++ }
>++
>+ if
>+ (!l_current_pi->include)
>+ {
>
>Property changes on: files/patch-src_lib_openjp2_pi.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/patch-src_lib_openjp2_tcd.c
>===================================================================
>--- files/patch-src_lib_openjp2_tcd.c (nonexistent)
>+++ files/patch-src_lib_openjp2_tcd.c (working copy)
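Review bot: The guard added in front of the `opj_calloc` call in `opj_pi_create_decode` (files/patch-src_lib_openjp2_pi.c) compares `l_step_l` against `SIZE_MAX`, yet the product `(l_tcp->numlayers +1) * l_step_l` is still evaluated in the operands' own type before it reaches `opj_calloc`. The declarations are outside the hunk; if both operands are 32-bit unsigned, as the `OPJ_UINT32` naming elsewhere in this patch suggests, then on a platform with a 64-bit `size_t` the guard is always true and the multiplication can still wrap, leaving `include` smaller than the code that indexes it expects. Widening before the multiply keeps the check and the allocation in the same type: `opj_calloc((size_t)(l_tcp->numlayers + 1U) * l_step_l, sizeof(OPJ_INT16));`. The function body starts and ends outside the hunk, so how `include` is later indexed should be confirmed against the full file.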
>@@ -0,0 +1,23 @@
>+--- src/lib/openjp2/tcd.c.orig 2016-09-14 00:02:27 UTC
>++++ src/lib/openjp2/tcd.c
>+@@ -706,9 +706,20 @@ static INLINE OPJ_BOOL opj_tcd_init_tile
>+ l_tx0 = l_cp->tx0 + p * l_cp->tdx; /* can't be greater than l_image->x1 so won't overflow */
>+ l_tile->x0 = (OPJ_INT32)opj_uint_max(l_tx0, l_image->x0);
>+ l_tile->x1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_tx0, l_cp->tdx), l_image->x1);
>++ /* all those OPJ_UINT32 are casted to OPJ_INT32, let's do some sanity check */
>++ if ((l_tile->x0 < 0) || (l_tile->x1 <= l_tile->x0)) {
>++ opj_event_msg(manager, EVT_ERROR, "Tile X coordinates are not supported\n");
>++ return OPJ_FALSE;
>++ }
>+ l_ty0 = l_cp->ty0 + q * l_cp->tdy; /* can't be greater than l_image->y1 so won't overflow */
>+ l_tile->y0 = (OPJ_INT32)opj_uint_max(l_ty0, l_image->y0);
>+ l_tile->y1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_ty0, l_cp->tdy), l_image->y1);
>++ /* all those OPJ_UINT32 are casted to OPJ_INT32, let's do some sanity check */
>++ if ((l_tile->y0 < 0) || (l_tile->y1 <= l_tile->y0)) {
>++ opj_event_msg(manager, EVT_ERROR, "Tile Y coordinates are not supported\n");
>++ return OPJ_FALSE;
>++ }
>++
>+
>+ /* testcase 1888.pdf.asan.35.988 */
>+ if (l_tccp->numresolutions == 0) {
>
>Property changes on: files/patch-src_lib_openjp2_tcd.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/patch-tests_compare__dump__files.c
>===================================================================
>--- files/patch-tests_compare__dump__files.c (nonexistent)
>+++ files/patch-tests_compare__dump__files.c (working copy)
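Review bot: Both new sanity checks in `opj_tcd_init_tile` run only after the `OPJ_UINT32` results of `opj_uint_max`/`opj_uint_min` have been cast to `OPJ_INT32`, so they rely on an out-of-range conversion yielding a negative number, which C leaves implementation-defined. Testing the unsigned value against `INT_MAX` before the cast would state the bound directly; as a minimum the comment could say so, e.g. `/* values above INT_MAX become negative after the cast on the supported targets; reject them */`. The two blocks differ only in the axis, so the X and Y checks could share one small static helper. The error messages would be more useful for triaging a malformed file if they included the offending coordinates. The function starts before and continues past the hunk.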
>@@ -0,0 +1,30 @@
>+--- tests/compare_dump_files.c.orig 2016-09-14 00:05:13 UTC
>++++ tests/compare_dump_files.c
>+@@ -118,10 +118,10 @@ int main(int argc, char **argv)
>+ test_cmp_parameters inParam;
>+ FILE *fbase=NULL, *ftest=NULL;
>+ int same = 0;
>+- char lbase[256];
>+- char strbase[256];
>+- char ltest[256];
>+- char strtest[256];
>++ char lbase[512];
>++ char strbase[512];
>++ char ltest[512];
>++ char strtest[512];
>+
>+ if( parse_cmdline_cmp(argc, argv, &inParam) == 1 )
>+ {
>+@@ -154,9 +154,9 @@ int main(int argc, char **argv)
>+
>+ while (fgets(lbase, sizeof(lbase), fbase) && fgets(ltest,sizeof(ltest),ftest))
>+ {
>+- int nbase = sscanf(lbase, "%255[^\r\n]", strbase);
>+- int ntest = sscanf(ltest, "%255[^\r\n]", strtest);
>+- assert( nbase != 255 && ntest != 255 );
>++ int nbase = sscanf(lbase, "%511[^\r\n]", strbase);
>++ int ntest = sscanf(ltest, "%511[^\r\n]", strtest);
>++ assert( nbase != 511 && ntest != 511 );
>+ if( nbase != 1 || ntest != 1 )
>+ {
>+ fprintf(stderr, "could not parse line from files\n" );
>
>Property changes on: files/patch-tests_compare__dump__files.c
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
>Index: files/patch-tests_nonregression_test__suite.ctest.in
>===================================================================
>--- files/patch-tests_nonregression_test__suite.ctest.in (nonexistent)
>+++ files/patch-tests_nonregression_test__suite.ctest.in (working copy)
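Review bot: The retained `assert( nbase != 511 && ntest != 511 );` in the second inner hunk of tests/compare_dump_files.c can never fire, because `sscanf` returns the number of conversions assigned (0 or 1 here) or `EOF`, never the field width. Over-long lines therefore remain undetected after the buffers grow to 512: `fgets` splits such a line and the pieces are compared as if they were separate lines. If truncation detection is the intent, test the buffer itself, e.g. `assert(strchr(lbase, '\n') || feof(fbase));` and likewise for `ltest`, bearing in mind that `assert` is compiled out under `NDEBUG`. The `%511` widths are tied by hand to the array sizes declared in the first inner hunk, so a short comment next to the declarations would help keep them in step. `main` starts before and continues past both hunks.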
>@@ -0,0 +1,9 @@
>+--- tests/nonregression/test_suite.ctest.in.orig 2016-09-14 00:06:50 UTC
>++++ tests/nonregression/test_suite.ctest.in
>+@@ -505,3 +505,6 @@ opj_decompress -i @INPUT_NR_PATH@/issue2
>+ # issue 326 + PR 559: CIELab colorspace
>+ opj_decompress -i @INPUT_NR_PATH@/issue559-eci-090-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-090-CIELab.jp2.pgx
>+ opj_decompress -i @INPUT_NR_PATH@/issue559-eci-091-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-091-CIELab.jp2.pgx
>++# issue 823 (yes, not a typo, test image is issue822)
>++!opj_decompress -i @INPUT_NR_PATH@/issue822.jp2 -o @TEMP_PATH@/issue822.png
>++
>
>Property changes on: files/patch-tests_nonregression_test__suite.ctest.in
>___________________________________________________________________
>Added: fbsd:nokeywords
>## -0,0 +1 ##
>+yes
>\ No newline at end of property
>Added: svn:eol-style
>## -0,0 +1 ##
>+native
>\ No newline at end of property
>Added: svn:mime-type
>## -0,0 +1 ##
>+text/plain
>\ No newline at end of property
Flags:
pkubaj
:
maintainer-approval?
(
sunpoet
)
Attachments on
bug 212672
: 174758 |
174759