sync with FedoraHEADmaster

Backport fix for CVE-2022-1122

1 files changed, 12 insertions, 0 deletions

diff --git a/CVE-2022-1122.patch b/CVE-2022-1122.patch
new file mode 100644
index 0000000..7b3f905
--- /dev/null
+++ b/CVE-2022-1122.patch
@@ -0,0 +1,12 @@
+diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/opj_decompress.c openjpeg-2.4.0-new/src/bin/jp2/opj_decompress.c
+--- openjpeg-2.4.0/src/bin/jp2/opj_decompress.c	2022-03-28 22:01:04.615605223 +0200
++++ openjpeg-2.4.0-new/src/bin/jp2/opj_decompress.c	2022-03-28 22:01:04.662605454 +0200
+@@ -1351,7 +1351,7 @@ int main(int argc, char **argv)
+         int it_image;
+         num_images = get_num_images(img_fol.imgdirpath);
+ 
+-        dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
++        dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
+         if (!dirptr) {
+             destroy_parameters(&parameters);
+             return EXIT_FAILURE;