|
 |
425a81 |
Backport of the upstream commit:
|
|
|
425a81 |
|
|
|
425a81 |
From c87ad330a8b8d6e5eb0065675601fdfae08ebaab Mon Sep 17 00:00:00 2001
|
|
|
425a81 |
From: Michael Adams <mdadams@ece.uvic.ca>
|
|
|
425a81 |
Date: Wed, 12 Oct 2016 11:37:33 -0700
|
|
|
425a81 |
Subject: [PATCH] Added fix for CVE-2016-2089.
|
|
|
425a81 |
|
|
|
425a81 |
diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_image.c jasper-1.900.1/src/libjasper/base/jas_image.c
|
|
|
425a81 |
--- jasper-1.900.1.orig/src/libjasper/base/jas_image.c 2017-03-24 22:40:10.000000000 +0100
|
|
|
425a81 |
+++ jasper-1.900.1/src/libjasper/base/jas_image.c 2017-03-24 22:40:51.000000000 +0100
|
|
|
425a81 |
@@ -442,6 +442,10 @@ int jas_image_readcmpt(jas_image_t *imag
|
|
|
425a81 |
return -1;
|
|
|
425a81 |
}
|
|
|
425a81 |
|
|
|
425a81 |
+ if (!jas_matrix_numrows(data) || !jas_matrix_numcols(data)) {
|
|
|
425a81 |
+ return -1;
|
|
|
425a81 |
+ }
|
|
|
425a81 |
+
|
|
|
425a81 |
if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
|
|
|
425a81 |
if (jas_matrix_resize(data, height, width)) {
|
|
|
425a81 |
return -1;
|
|
|
425a81 |
@@ -495,6 +499,10 @@ int jas_image_writecmpt(jas_image_t *ima
|
|
|
425a81 |
return -1;
|
|
|
425a81 |
}
|
|
|
425a81 |
|
|
|
425a81 |
+ if (!jas_matrix_numrows(data) || !jas_matrix_numcols(data)) {
|
|
|
425a81 |
+ return -1;
|
|
|
425a81 |
+ }
|
|
|
425a81 |
+
|
|
|
425a81 |
if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
|
|
|
425a81 |
return -1;
|
|
|
425a81 |
}
|
|
|
425a81 |
diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_seq.c jasper-1.900.1/src/libjasper/base/jas_seq.c
|
|
|
425a81 |
--- jasper-1.900.1.orig/src/libjasper/base/jas_seq.c 2017-03-24 15:26:36.000000000 +0100
|
|
|
425a81 |
+++ jasper-1.900.1/src/libjasper/base/jas_seq.c 2017-03-24 15:28:09.000000000 +0100
|
|
|
425a81 |
@@ -266,13 +266,16 @@ void jas_matrix_divpow2(jas_matrix_t *ma
|
|
|
425a81 |
int rowstep;
|
|
|
425a81 |
jas_seqent_t *data;
|
|
|
425a81 |
|
|
|
425a81 |
- rowstep = jas_matrix_rowstep(matrix);
|
|
|
425a81 |
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
|
|
425a81 |
- rowstart += rowstep) {
|
|
|
425a81 |
- for (j = matrix->numcols_, data = rowstart; j > 0; --j,
|
|
|
425a81 |
- ++data) {
|
|
|
425a81 |
- *data = (*data >= 0) ? ((*data) >> n) :
|
|
|
425a81 |
- (-((-(*data)) >> n));
|
|
|
425a81 |
+ if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) {
|
|
|
425a81 |
+ assert(matrix->rows_);
|
|
|
425a81 |
+ rowstep = jas_matrix_rowstep(matrix);
|
|
|
425a81 |
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
|
|
425a81 |
+ rowstart += rowstep) {
|
|
|
425a81 |
+ for (j = matrix->numcols_, data = rowstart; j > 0; --j,
|
|
|
425a81 |
+ ++data) {
|
|
|
425a81 |
+ *data = (*data >= 0) ? ((*data) >> n) :
|
|
|
425a81 |
+ (-((-(*data)) >> n));
|
|
|
425a81 |
+ }
|
|
|
425a81 |
}
|
|
|
425a81 |
}
|
|
|
425a81 |
}
|
|
|
425a81 |
@@ -286,17 +289,20 @@ void jas_matrix_clip(jas_matrix_t *matri
|
|
|
425a81 |
jas_seqent_t *data;
|
|
|
425a81 |
int rowstep;
|
|
|
425a81 |
|
|
|
425a81 |
- rowstep = jas_matrix_rowstep(matrix);
|
|
|
425a81 |
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
|
|
425a81 |
- rowstart += rowstep) {
|
|
|
425a81 |
- data = rowstart;
|
|
|
425a81 |
- for (j = matrix->numcols_, data = rowstart; j > 0; --j,
|
|
|
425a81 |
- ++data) {
|
|
|
425a81 |
- v = *data;
|
|
|
425a81 |
- if (v < minval) {
|
|
|
425a81 |
- *data = minval;
|
|
|
425a81 |
- } else if (v > maxval) {
|
|
|
425a81 |
- *data = maxval;
|
|
|
425a81 |
+ if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) {
|
|
|
425a81 |
+ assert(matrix->rows_);
|
|
|
425a81 |
+ rowstep = jas_matrix_rowstep(matrix);
|
|
|
425a81 |
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
|
|
425a81 |
+ rowstart += rowstep) {
|
|
|
425a81 |
+ data = rowstart;
|
|
|
425a81 |
+ for (j = matrix->numcols_, data = rowstart; j > 0; --j,
|
|
|
425a81 |
+ ++data) {
|
|
|
425a81 |
+ v = *data;
|
|
|
425a81 |
+ if (v < minval) {
|
|
|
425a81 |
+ *data = minval;
|
|
|
425a81 |
+ } else if (v > maxval) {
|
|
|
425a81 |
+ *data = maxval;
|
|
|
425a81 |
+ }
|
|
|
425a81 |
}
|
|
|
425a81 |
}
|
|
|
425a81 |
}
|
|
|
425a81 |
@@ -311,12 +317,15 @@ void jas_matrix_asr(jas_matrix_t *matrix
|
|
|
425a81 |
jas_seqent_t *data;
|
|
|
425a81 |
|
|
|
425a81 |
assert(n >= 0);
|
|
|
425a81 |
- rowstep = jas_matrix_rowstep(matrix);
|
|
|
425a81 |
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
|
|
425a81 |
- rowstart += rowstep) {
|
|
|
425a81 |
- for (j = matrix->numcols_, data = rowstart; j > 0; --j,
|
|
|
425a81 |
- ++data) {
|
|
|
425a81 |
- *data >>= n;
|
|
|
425a81 |
+ if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) {
|
|
|
425a81 |
+ assert(matrix->rows_);
|
|
|
425a81 |
+ rowstep = jas_matrix_rowstep(matrix);
|
|
|
425a81 |
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
|
|
425a81 |
+ rowstart += rowstep) {
|
|
|
425a81 |
+ for (j = matrix->numcols_, data = rowstart; j > 0; --j,
|
|
|
425a81 |
+ ++data) {
|
|
|
425a81 |
+ *data >>= n;
|
|
|
425a81 |
+ }
|
|
|
425a81 |
}
|
|
|
425a81 |
}
|
|
|
425a81 |
}
|
|
|
425a81 |
@@ -329,12 +338,15 @@ void jas_matrix_asl(jas_matrix_t *matrix
|
|
|
425a81 |
int rowstep;
|
|
|
425a81 |
jas_seqent_t *data;
|
|
|
425a81 |
|
|
|
425a81 |
- rowstep = jas_matrix_rowstep(matrix);
|
|
|
425a81 |
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
|
|
425a81 |
- rowstart += rowstep) {
|
|
|
425a81 |
- for (j = matrix->numcols_, data = rowstart; j > 0; --j,
|
|
|
425a81 |
- ++data) {
|
|
|
425a81 |
- *data <<= n;
|
|
|
425a81 |
+ if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) {
|
|
|
425a81 |
+ assert(matrix->rows_);
|
|
|
425a81 |
+ rowstep = jas_matrix_rowstep(matrix);
|
|
|
425a81 |
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
|
|
425a81 |
+ rowstart += rowstep) {
|
|
|
425a81 |
+ for (j = matrix->numcols_, data = rowstart; j > 0; --j,
|
|
|
425a81 |
+ ++data) {
|
|
|
425a81 |
+ *data <<= n;
|
|
|
425a81 |
+ }
|
|
|
425a81 |
}
|
|
|
425a81 |
}
|
|
|
425a81 |
}
|
|
|
425a81 |
@@ -371,12 +383,15 @@ void jas_matrix_setall(jas_matrix_t *mat
|
|
|
425a81 |
int rowstep;
|
|
|
425a81 |
jas_seqent_t *data;
|
|
|
425a81 |
|
|
|
425a81 |
- rowstep = jas_matrix_rowstep(matrix);
|
|
|
425a81 |
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
|
|
425a81 |
- rowstart += rowstep) {
|
|
|
425a81 |
- for (j = matrix->numcols_, data = rowstart; j > 0; --j,
|
|
|
425a81 |
- ++data) {
|
|
|
425a81 |
- *data = val;
|
|
|
425a81 |
+ if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) {
|
|
|
425a81 |
+ assert(matrix->rows_);
|
|
|
425a81 |
+ rowstep = jas_matrix_rowstep(matrix);
|
|
|
425a81 |
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
|
|
|
425a81 |
+ rowstart += rowstep) {
|
|
|
425a81 |
+ for (j = matrix->numcols_, data = rowstart; j > 0; --j,
|
|
|
425a81 |
+ ++data) {
|
|
|
425a81 |
+ *data = val;
|
|
|
425a81 |
+ }
|
|
|
425a81 |
}
|
|
|
425a81 |
}
|
|
|
425a81 |
}
|