Commit 81df1a98 authored by Leo's avatar Leo

main/openjpeg: fix CVE-2020-27844

See: #12495
parent 97a2ead7
Pipeline #74279 canceled with stages
in 17 seconds
# Maintainer: Francesco Colista <fcolista@alpinelinux.org>
pkgname=openjpeg
pkgver=2.3.1
pkgrel=6
pkgrel=7
pkgdesc="Open-source implementation of JPEG2000 image codec"
url="https://www.openjpeg.org/"
arch="all"
......@@ -18,6 +18,7 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/uclouvain/openjpeg/archive/v
CVE-2020-27814.patch
CVE-2020-27823.patch
CVE-2020-27824.patch
CVE-2021-27844.patch
"
build() {
......@@ -29,6 +30,8 @@ build() {
}
# secfixes:
# 2.3.1-r7:
# - CVE-2020-27844
# 2.3.1-r6:
# - CVE-2020-27814
# - CVE-2020-27823
......@@ -79,4 +82,5 @@ c8ffc926d91392b38250fd4e00fff5f93fbf5e17487d0e4a0184c9bd191aa2233c5c5dcf097dd628
f36ea384272b3918d194f7d64bcc321a66fa6ebb2d73ece3d69225f883ec8a2777284f633902cf954f9a847bd758da2c36c74d8ef28c4cd82a3bf076e326c611 CVE-2020-15389.patch
fffaa91a3c67b4edbd313bb9bbd7a9f5abeb65bc0ddda3f676eed86662c0ef844b06a1331bfea785cc6178f31750cb9172a81a7359a618694b740915a9ce494a CVE-2020-27814.patch
a5d5ff618a78ca16a5958c95860652101c59f39bb48ad13c1d802f559dca11d3a9c069e5898a48c5c5e5186ba186afe091653949bca6dfd3bdff236283a50be8 CVE-2020-27823.patch
796f75d61db2cbb07dd8e3d7e52895a1b22dbf9e01763a1b0caaed413e76ef9b2f4927ceaefd5b07775639a4aaac5c50e641bcff6d646166d8d7160f17026f6f CVE-2020-27824.patch"
796f75d61db2cbb07dd8e3d7e52895a1b22dbf9e01763a1b0caaed413e76ef9b2f4927ceaefd5b07775639a4aaac5c50e641bcff6d646166d8d7160f17026f6f CVE-2020-27824.patch
f160570b66655bea6a7a56b37bafe8c1856219df31f2e52bdb4788c3abfd716aa2200f05c7d7389a143d9249302c3f96aac4a49ac222af5f5823fa41f8bc2d5f CVE-2021-27844.patch"
From 73fdf28342e4594019af26eb6a347a34eceb6296 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Wed, 2 Dec 2020 14:10:16 +0100
Subject: [PATCH] opj_j2k_write_sod(): avoid potential heap buffer overflow
(fixes #1299) (probably master only)
---
src/lib/openjp2/j2k.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
index 78d459259..8e343ab2e 100644
--- a/src/lib/openjp2/j2k.c
+++ b/src/lib/openjp2/j2k.c
@@ -4806,8 +4806,13 @@ static OPJ_BOOL opj_j2k_write_sod(opj_j2k_t *p_j2k,
}
}
- assert(l_remaining_data >
- p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT);
+ if (l_remaining_data <
+ p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "Not enough bytes in output buffer to write SOD marker\n");
+ opj_tcd_marker_info_destroy(marker_info);
+ return OPJ_FALSE;
+ }
l_remaining_data -= p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT;
if (! opj_tcd_encode_tile(p_tile_coder, p_j2k->m_current_tile_number,
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment