From ec030379984fe4becf3f014e31e66e2b25539039 Mon Sep 17 00:00:00 2001 From: Remi Collet Date: Mon, 31 May 2021 14:07:41 +0200 Subject: sync with Fedora Update to 2.4.0 Apply proposed patches for CVE-2021-29338 and a heap buffer overflow (#1957616) --- CVE-2021-29338.patch | 147 +++++++++++++++++++++++++++++++++++++++++ heap-buffer-overflow.patch | 22 ++++++ openjpeg2-static.spec | 48 ++++++-------- openjpeg2_CVE-2020-27814.patch | 16 ----- openjpeg2_CVE-2020-27823.patch | 26 -------- openjpeg2_CVE-2020-27824.patch | 23 ------- openjpeg2_CVE-2020-6851.patch | 18 ----- openjpeg2_CVE-2020-8112.patch | 30 --------- openjpeg2_opj2.patch | 6 +- 9 files changed, 193 insertions(+), 143 deletions(-) create mode 100644 CVE-2021-29338.patch create mode 100644 heap-buffer-overflow.patch delete mode 100644 openjpeg2_CVE-2020-27814.patch delete mode 100644 openjpeg2_CVE-2020-27823.patch delete mode 100644 openjpeg2_CVE-2020-27824.patch delete mode 100644 openjpeg2_CVE-2020-6851.patch delete mode 100644 openjpeg2_CVE-2020-8112.patch diff --git a/CVE-2021-29338.patch b/CVE-2021-29338.patch new file mode 100644 index 0000000..373f6d6 --- /dev/null +++ b/CVE-2021-29338.patch @@ -0,0 +1,147 @@ +diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/opj_compress.c openjpeg-2.4.0-new/src/bin/jp2/opj_compress.c +--- openjpeg-2.4.0/src/bin/jp2/opj_compress.c 2020-12-28 21:59:39.000000000 +0100 ++++ openjpeg-2.4.0-new/src/bin/jp2/opj_compress.c 2021-05-27 23:46:46.916130437 +0200 +@@ -543,8 +543,8 @@ static char * get_file_name(char *name) + static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol, + opj_cparameters_t *parameters) + { +- char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN], +- outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN]; ++ char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2], ++ outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN]; + char *temp_p, temp1[OPJ_PATH_LEN] = ""; + + strcpy(image_filename, dirptr->filename[imageno]); +@@ -553,7 +553,7 @@ static char get_next_file(int imageno, d + if (parameters->decod_format == -1) { + return 1; + } +- sprintf(infilename, "%s/%s", img_fol->imgdirpath, image_filename); ++ snprintf(infilename, OPJ_PATH_LEN * 2, "%s/%s", img_fol->imgdirpath, image_filename); + if (opj_strcpy_s(parameters->infile, sizeof(parameters->infile), + infilename) != 0) { + return 1; +@@ -566,7 +566,7 @@ static char get_next_file(int imageno, d + sprintf(temp1, ".%s", temp_p); + } + if (img_fol->set_out_format == 1) { +- sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, ++ snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, + img_fol->out_format); + if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile), + outfilename) != 0) { +@@ -1910,9 +1910,9 @@ int main(int argc, char **argv) + num_images = get_num_images(img_fol.imgdirpath); + dirptr = (dircnt_t*)malloc(sizeof(dircnt_t)); + if (dirptr) { +- dirptr->filename_buf = (char*)malloc(num_images * OPJ_PATH_LEN * sizeof( ++ dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN * sizeof( + char)); /* Stores at max 10 image file names*/ +- dirptr->filename = (char**) malloc(num_images * sizeof(char*)); ++ dirptr->filename = (char**) calloc(num_images, sizeof(char*)); + if (!dirptr->filename_buf) { + ret = 0; + goto fin; +diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/opj_decompress.c openjpeg-2.4.0-new/src/bin/jp2/opj_decompress.c +--- openjpeg-2.4.0/src/bin/jp2/opj_decompress.c 2020-12-28 21:59:39.000000000 +0100 ++++ openjpeg-2.4.0-new/src/bin/jp2/opj_decompress.c 2021-05-27 23:46:46.916130437 +0200 +@@ -455,13 +455,13 @@ const char* path_separator = "/"; + char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol, + opj_decompress_parameters *parameters) + { +- char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN], +- outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN]; ++ char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2], ++ outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN]; + char *temp_p, temp1[OPJ_PATH_LEN] = ""; + + strcpy(image_filename, dirptr->filename[imageno]); + fprintf(stderr, "File Number %d \"%s\"\n", imageno, image_filename); +- sprintf(infilename, "%s%s%s", img_fol->imgdirpath, path_separator, ++ snprintf(infilename, OPJ_PATH_LEN * 2, "%s%s%s", img_fol->imgdirpath, path_separator, + image_filename); + parameters->decod_format = infile_format(infilename); + if (parameters->decod_format == -1) { +@@ -479,7 +479,7 @@ char get_next_file(int imageno, dircnt_t + sprintf(temp1, ".%s", temp_p); + } + if (img_fol->set_out_format == 1) { +- sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, ++ snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, + img_fol->out_format); + if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile), + outfilename) != 0) { +@@ -1357,14 +1357,13 @@ int main(int argc, char **argv) + return EXIT_FAILURE; + } + /* Stores at max 10 image file names */ +- dirptr->filename_buf = (char*)malloc(sizeof(char) * +- (size_t)num_images * OPJ_PATH_LEN); ++ dirptr->filename_buf = calloc((size_t) num_images, sizeof(char) * OPJ_PATH_LEN); + if (!dirptr->filename_buf) { + failed = 1; + goto fin; + } + +- dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*)); ++ dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*)); + + if (!dirptr->filename) { + failed = 1; +diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/opj_dump.c openjpeg-2.4.0-new/src/bin/jp2/opj_dump.c +--- openjpeg-2.4.0/src/bin/jp2/opj_dump.c 2020-12-28 21:59:39.000000000 +0100 ++++ openjpeg-2.4.0-new/src/bin/jp2/opj_dump.c 2021-05-27 23:46:46.917130437 +0200 +@@ -201,8 +201,8 @@ static int get_file_format(const char *f + static char get_next_file(int imageno, dircnt_t *dirptr, img_fol_t *img_fol, + opj_dparameters_t *parameters) + { +- char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN], +- outfilename[OPJ_PATH_LEN], temp_ofname[OPJ_PATH_LEN]; ++ char image_filename[OPJ_PATH_LEN], infilename[OPJ_PATH_LEN * 2], ++ outfilename[OPJ_PATH_LEN * 2], temp_ofname[OPJ_PATH_LEN]; + char *temp_p, temp1[OPJ_PATH_LEN] = ""; + + strcpy(image_filename, dirptr->filename[imageno]); +@@ -211,7 +211,7 @@ static char get_next_file(int imageno, d + if (parameters->decod_format == -1) { + return 1; + } +- sprintf(infilename, "%s/%s", img_fol->imgdirpath, image_filename); ++ snprintf(infilename, OPJ_PATH_LEN * 2, "%s/%s", img_fol->imgdirpath, image_filename); + if (opj_strcpy_s(parameters->infile, sizeof(parameters->infile), + infilename) != 0) { + return 1; +@@ -224,7 +224,7 @@ static char get_next_file(int imageno, d + sprintf(temp1, ".%s", temp_p); + } + if (img_fol->set_out_format == 1) { +- sprintf(outfilename, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, ++ snprintf(outfilename, OPJ_PATH_LEN * 2, "%s/%s.%s", img_fol->imgdirpath, temp_ofname, + img_fol->out_format); + if (opj_strcpy_s(parameters->outfile, sizeof(parameters->outfile), + outfilename) != 0) { +@@ -457,7 +457,7 @@ int main(int argc, char *argv[]) + opj_codestream_info_v2_t* cstr_info = NULL; + opj_codestream_index_t* cstr_index = NULL; + +- OPJ_INT32 num_images, imageno; ++ int num_images, imageno; + img_fol_t img_fol; + dircnt_t *dirptr = NULL; + +@@ -486,13 +486,13 @@ int main(int argc, char *argv[]) + if (!dirptr) { + return EXIT_FAILURE; + } +- dirptr->filename_buf = (char*)malloc((size_t)num_images * OPJ_PATH_LEN * sizeof( ++ dirptr->filename_buf = (char*) calloc((size_t) num_images, OPJ_PATH_LEN * sizeof( + char)); /* Stores at max 10 image file names*/ + if (!dirptr->filename_buf) { + free(dirptr); + return EXIT_FAILURE; + } +- dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*)); ++ dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*)); + + if (!dirptr->filename) { + goto fails; diff --git a/heap-buffer-overflow.patch b/heap-buffer-overflow.patch new file mode 100644 index 0000000..6dcd51a --- /dev/null +++ b/heap-buffer-overflow.patch @@ -0,0 +1,22 @@ +diff -rupN --no-dereference openjpeg-2.4.0/src/bin/common/color.c openjpeg-2.4.0-new/src/bin/common/color.c +--- openjpeg-2.4.0/src/bin/common/color.c 2020-12-28 21:59:39.000000000 +0100 ++++ openjpeg-2.4.0-new/src/bin/common/color.c 2021-05-27 23:46:46.961130438 +0200 +@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t * + + sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); + +- ++y; ++ if (*y != img->comps[0].data[loopmaxh]) ++ ++y; + ++r; + ++g; + ++b; +- ++cb; +- ++cr; ++ if (*cb != img->comps[1].data[loopmaxh]) ++ ++cb; ++ if (*cr != img->comps[2].data[loopmaxh]) ++ ++cr; + } + if (j < maxw) { + sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); diff --git a/openjpeg2-static.spec b/openjpeg2-static.spec index 2ee7543..f0339cc 100644 --- a/openjpeg2-static.spec +++ b/openjpeg2-static.spec @@ -10,8 +10,8 @@ %global _target_platform %{_vendor}-%{_target_os} Name: openjpeg2-static -Version: 2.3.1 -Release: 9%{?dist} +Version: 2.4.0 +Release: 1%{?dist} Summary: C-Library for JPEG 2000 # windirent.h is MIT, the rest is BSD @@ -25,21 +25,13 @@ Source1: data.tar.xz # Rename tool names to avoid conflicts with openjpeg-1.x Patch0: openjpeg2_opj2.patch -# Backport patch for CVE 2020-6851 -# https://github.com/uclouvain/openjpeg/issues/1228 -Patch1: openjpeg2_CVE-2020-6851.patch -# Backport patch for CVE 2020-8112 -# https://github.com/uclouvain/openjpeg/pull/1232/commits/05f9b91e60debda0e83977e5e63b2e66486f7074 -Patch2: openjpeg2_CVE-2020-8112.patch -# Backport patch for CVE-2020-27814 -# https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc -Patch3: openjpeg2_CVE-2020-27814.patch -# Backport patch for CVE-2020-27824 -# https://github.com/uclouvain/openjpeg/pull/1292/commits/6daf5f3e1ec6eff03b7982889874a3de6617db8d -Patch4: openjpeg2_CVE-2020-27824.patch -# Backport patch for CVE-2020-27823 -# https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919 -Patch5: openjpeg2_CVE-2020-27823.patch +# Backport proposed patch for CVE-2021-29338 +# See https://github.com/uclouvain/openjpeg/issues/1338 +# and https://github.com/uclouvain/openjpeg/pull/1346 +Patch1: CVE-2021-29338.patch +# Backport proposed patch for heap buffer overflow (#1957616) +# See https://github.com/uclouvain/openjpeg/issues/1347 +Patch2: heap-buffer-overflow.patch BuildRequires: cmake @@ -224,9 +216,6 @@ OpenJPEG2 JP3D module command line tools %patch0 -p1 %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 # Remove all third party libraries just to be sure find thirdparty/ -mindepth 1 -maxdepth 1 -type d -exec rm -rf {} \; @@ -247,7 +236,7 @@ export CFLAGS="%{optflags} -fPIC" -DBUILD_STATIC_LIBS=ON \ -DBUILD_SHARED_LIBS=OFF \ %{?runcheck:-DBUILD_TESTING:BOOL=ON -DOPJ_DATA_ROOT=$PWD/../data} \ - .. + -B . -S .. popd %make_build VERBOSE=1 -C %{_target_platform} @@ -290,15 +279,15 @@ make test -C %{_target_platform} %{!?_licensedir:%global license %doc} %license LICENSE %doc AUTHORS.md NEWS.md README.md THANKS.md -%{_mandir}/man3/libopenjp2.3* +%{_mandir}/man3/libopenjp2.* %files devel -%dir %{_includedir}/openjpeg-2.3/ -%{_includedir}/openjpeg-2.3/openjpeg.h -%{_includedir}/openjpeg-2.3/opj_config.h -%{_includedir}/openjpeg-2.3/opj_stdint.h +%dir %{_includedir}/openjpeg-2.4/ +%{_includedir}/openjpeg-2.4/openjpeg.h +%{_includedir}/openjpeg-2.4/opj_config.h +%{_includedir}/openjpeg-2.4/opj_stdint.h %{_libdir}/libopenjp2.a -%{_libdir}/openjpeg-2.3/ +%{_libdir}/openjpeg-2.4/ %{_libdir}/pkgconfig/libopenjp2.pc %files devel-docs @@ -358,6 +347,11 @@ make test -C %{_target_platform} %changelog +* Mon May 31 2021 Remi Collet - 2.4.0-1 +- sync with Fedora +- Update to 2.4.0 +- Apply proposed patches for CVE-2021-29338 and a heap buffer overflow (#1957616) + * Thu Feb 13 2020 Remi Collet - 2.3.1-9 - sync with Fedora - Backport patches for CVE-2020-27824 and CVE-2020-27823 diff --git a/openjpeg2_CVE-2020-27814.patch b/openjpeg2_CVE-2020-27814.patch deleted file mode 100644 index cbb8007..0000000 --- a/openjpeg2_CVE-2020-27814.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c ---- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.701863373 +0100 -+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.704863383 +0100 -@@ -1235,9 +1235,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_a - - /* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */ - /* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */ -+ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */ -+ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */ - /* TODO: is there a theoretical upper-bound for the compressed code */ - /* block size ? */ -- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * -+ l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) * - (p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32)); - - if (l_data_size > p_code_block->data_size) { diff --git a/openjpeg2_CVE-2020-27823.patch b/openjpeg2_CVE-2020-27823.patch deleted file mode 100644 index 02fa0ac..0000000 --- a/openjpeg2_CVE-2020-27823.patch +++ /dev/null @@ -1,26 +0,0 @@ -From b2072402b7e14d22bba6fb8cde2a1e9996e9a919 Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Mon, 30 Nov 2020 22:31:51 +0100 -Subject: [PATCH] pngtoimage(): fix wrong computation of x1,y1 if -d option is - used, that would result in a heap buffer overflow (fixes #1284) - ---- - src/bin/jp2/convertpng.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c -index 328c91beb..00f596e27 100644 ---- a/src/bin/jp2/convertpng.c -+++ b/src/bin/jp2/convertpng.c -@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params) - image->x0 = (OPJ_UINT32)params->image_offset_x0; - image->y0 = (OPJ_UINT32)params->image_offset_y0; - image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32) -- params->subsampling_dx + 1 + image->x0); -+ params->subsampling_dx + 1); - image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32) -- params->subsampling_dy + 1 + image->y0); -+ params->subsampling_dy + 1); - - row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32)); - if (row32s == NULL) { diff --git a/openjpeg2_CVE-2020-27824.patch b/openjpeg2_CVE-2020-27824.patch deleted file mode 100644 index 8301f7e..0000000 --- a/openjpeg2_CVE-2020-27824.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 6daf5f3e1ec6eff03b7982889874a3de6617db8d Mon Sep 17 00:00:00 2001 -From: Even Rouault -Date: Mon, 30 Nov 2020 22:37:07 +0100 -Subject: [PATCH] Encoder: avoid global buffer overflow on irreversible - conversion when too many decomposition levels are specified (fixes #1286) - ---- - src/lib/openjp2/dwt.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c -index ee9eb5e63..4164ba090 100644 ---- a/src/lib/openjp2/dwt.c -+++ b/src/lib/openjp2/dwt.c -@@ -1976,7 +1976,7 @@ void opj_dwt_calc_explicit_stepsizes(opj_tccp_t * tccp, OPJ_UINT32 prec) - if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) { - stepsize = 1.0; - } else { -- OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level]; -+ OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient); - stepsize = (1 << (gain)) / norm; - } - opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0), diff --git a/openjpeg2_CVE-2020-6851.patch b/openjpeg2_CVE-2020-6851.patch deleted file mode 100644 index 5e2cfd7..0000000 --- a/openjpeg2_CVE-2020-6851.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/j2k.c openjpeg-2.3.1-new/src/lib/openjp2/j2k.c ---- openjpeg-2.3.1/src/lib/openjp2/j2k.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/j2k.c 2020-11-28 23:29:38.618863089 +0100 -@@ -9236,6 +9236,14 @@ static OPJ_BOOL opj_j2k_update_image_dim - l_img_comp = p_image->comps; - for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) { - OPJ_INT32 l_h, l_w; -+ if (p_image->x0 > (OPJ_UINT32)INT_MAX || -+ p_image->y0 > (OPJ_UINT32)INT_MAX || -+ p_image->x1 > (OPJ_UINT32)INT_MAX || -+ p_image->y1 > (OPJ_UINT32)INT_MAX) { -+ opj_event_msg(p_manager, EVT_ERROR, -+ "Image coordinates above INT_MAX are not supported\n"); -+ return OPJ_FALSE; -+ } - - l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0, - (OPJ_INT32)l_img_comp->dx); diff --git a/openjpeg2_CVE-2020-8112.patch b/openjpeg2_CVE-2020-8112.patch deleted file mode 100644 index dd6e1b9..0000000 --- a/openjpeg2_CVE-2020-8112.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c ---- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-11-28 23:29:38.662863239 +0100 -@@ -905,8 +905,24 @@ static INLINE OPJ_BOOL opj_tcd_init_tile - /* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */ - l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx; - l_tl_prc_y_start = opj_int_floordivpow2(l_res->y0, (OPJ_INT32)l_pdy) << l_pdy; -- l_br_prc_x_end = opj_int_ceildivpow2(l_res->x1, (OPJ_INT32)l_pdx) << l_pdx; -- l_br_prc_y_end = opj_int_ceildivpow2(l_res->y1, (OPJ_INT32)l_pdy) << l_pdy; -+ { -+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->x1, -+ (OPJ_INT32)l_pdx)) << l_pdx; -+ if (tmp > (OPJ_UINT32)INT_MAX) { -+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n"); -+ return OPJ_FALSE; -+ } -+ l_br_prc_x_end = (OPJ_INT32)tmp; -+ } -+ { -+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->y1, -+ (OPJ_INT32)l_pdy)) << l_pdy; -+ if (tmp > (OPJ_UINT32)INT_MAX) { -+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n"); -+ return OPJ_FALSE; -+ } -+ l_br_prc_y_end = (OPJ_INT32)tmp; -+ } - /*fprintf(stderr, "\t\t\tprc_x_start=%d, prc_y_start=%d, br_prc_x_end=%d, br_prc_y_end=%d \n", l_tl_prc_x_start, l_tl_prc_y_start, l_br_prc_x_end ,l_br_prc_y_end );*/ - - l_res->pw = (l_res->x0 == l_res->x1) ? 0U : (OPJ_UINT32)(( diff --git a/openjpeg2_opj2.patch b/openjpeg2_opj2.patch index f4ecd0c..e38c818 100644 --- a/openjpeg2_opj2.patch +++ b/openjpeg2_opj2.patch @@ -1,6 +1,6 @@ -diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt ---- openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt 2019-04-02 14:45:15.000000000 +0200 -+++ openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt 2020-11-28 23:29:38.576862946 +0100 +diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt +--- openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt 2020-12-28 21:59:39.000000000 +0100 ++++ openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt 2021-05-27 23:46:46.878130437 +0200 @@ -44,6 +44,8 @@ endif() # Loop over all executables: foreach(exe opj_decompress opj_compress opj_dump) -- cgit