From ec030379984fe4becf3f014e31e66e2b25539039 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Mon, 31 May 2021 14:07:41 +0200
Subject: sync with Fedora Update to 2.4.0 Apply proposed patches for
 CVE-2021-29338 and a heap buffer overflow (#1957616)

---
 heap-buffer-overflow.patch | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 heap-buffer-overflow.patch

(limited to 'heap-buffer-overflow.patch')

diff --git a/heap-buffer-overflow.patch b/heap-buffer-overflow.patch
new file mode 100644
index 0000000..6dcd51a
--- /dev/null
+++ b/heap-buffer-overflow.patch
@@ -0,0 +1,22 @@
+diff -rupN --no-dereference openjpeg-2.4.0/src/bin/common/color.c openjpeg-2.4.0-new/src/bin/common/color.c
+--- openjpeg-2.4.0/src/bin/common/color.c	2020-12-28 21:59:39.000000000 +0100
++++ openjpeg-2.4.0-new/src/bin/common/color.c	2021-05-27 23:46:46.961130438 +0200
+@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *
+ 
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ 
+-            ++y;
++            if (*y != img->comps[0].data[loopmaxh])
++                ++y;
+             ++r;
+             ++g;
+             ++b;
+-            ++cb;
+-            ++cr;
++            if (*cb != img->comps[1].data[loopmaxh])
++                ++cb;
++            if (*cr != img->comps[2].data[loopmaxh])
++                ++cr;
+         }
+         if (j < maxw) {
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
-- 
cgit