1 files changed, 16 insertions, 0 deletions

diff --git a/openjpeg2_CVE-2020-27814.patch b/openjpeg2_CVE-2020-27814.patch
new file mode 100644
index 0000000..cbb8007
--- /dev/null
+++ b/openjpeg2_CVE-2020-27814.patch
@@ -0,0 +1,16 @@
+diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c
+--- openjpeg-2.3.1/src/lib/openjp2/tcd.c	2020-11-28 23:29:38.701863373 +0100
++++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c	2020-11-28 23:29:38.704863383 +0100
+@@ -1235,9 +1235,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_a
+ 
+     /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
+     /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
++    /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */
++    /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */
+     /* TODO: is there a theoretical upper-bound for the compressed code */
+     /* block size ? */
+-    l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
++    l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
+                                    (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
+ 
+     if (l_data_size > p_code_block->data_size) {