authorRemi Collet <remi@remirepo.net>2021-05-31 14:07:41 +0200
committerRemi Collet <remi@remirepo.net>2021-05-31 14:07:41 +0200
commitec030379984fe4becf3f014e31e66e2b25539039 (patch)
tree1cab3215bbad05c5414e6fa24f059ffe96d27fd1 /heap-buffer-overflow.patch
parentaa3cad9000d51a3aae7dd04933776c7efd7f3b87 (diff)
sync with Fedora
Update to 2.4.0 Apply proposed patches for CVE-2021-29338 and a heap buffer overflow (#1957616)
Diffstat (limited to 'heap-buffer-overflow.patch')
-rw-r--r--heap-buffer-overflow.patch22
1 files changed, 22 insertions, 0 deletions
diff --git a/heap-buffer-overflow.patch b/heap-buffer-overflow.patch
new file mode 100644
index 0000000..6dcd51a
--- /dev/null
+++ b/heap-buffer-overflow.patch
@@ -0,0 +1,22 @@
+diff -rupN --no-dereference openjpeg-2.4.0/src/bin/common/color.c openjpeg-2.4.0-new/src/bin/common/color.c
+--- openjpeg-2.4.0/src/bin/common/color.c 2020-12-28 21:59:39.000000000 +0100
++++ openjpeg-2.4.0-new/src/bin/common/color.c 2021-05-27 23:46:46.961130438 +0200
+@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *
+
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+
+- ++y;
++ if (*y != img->comps[0].data[loopmaxh])
++ ++y;
+ ++r;
+ ++g;
+ ++b;
+- ++cb;
+- ++cr;
++ if (*cb != img->comps[1].data[loopmaxh])
++ ++cb;
++ if (*cr != img->comps[2].data[loopmaxh])
++ ++cr;
+ }
+ if (j < maxw) {
+ sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
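Review bot: The added guards compare sample values rather than positions: `*y != img->comps[0].data[loopmaxh]` dereferences `y` and tests the sample it points at against the sample stored at index `loopmaxh`, and the `cb` and `cr` guards have the same shape. Two equal samples would stop a pointer advancing in the middle of a row and corrupt the output, while unequal samples still let the pointer step past the end of the plane, so the heap over-read this patch is meant to close does not look bounded; the guard itself also reads `*y` before any limit is established. A pointer comparison against a one-past-the-end bound derived from each component's own width and height would be the usual form, e.g. `if (y < y_end) ++y;` (`y_end` is a placeholder, not a name from this file), or alternatively rejecting images whose chroma planes are smaller than the subsampling requires before the loop starts. The body of sycc420_to_rgb begins and continues outside the hunk, so what `loopmaxh` indexes is inferred here and should be confirmed against the full function.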