rpms / jasper

Clone
Source Code
GIT

Blame SOURCES/jasper-CVE-2016-8691-CVE-2016-8692.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   3acafb6a37350c03d9ffc3b5171c2bb651b1f7ce
  2.   SOURCES
  3.   jasper-CVE-2016-8691-CVE-2016-8692.patch
Blob History Raw
94b862 
From d8c2604cd438c41ec72aff52c16ebd8183068020 Mon Sep 17 00:00:00 2001
94b862 
From: Michael Adams <mdadams@ece.uvic.ca>
94b862 
Date: Sat, 15 Oct 2016 12:22:28 -0700
94b862 
Subject: [PATCH] Added range check on XRsiz and YRsiz fields of SIZ marker
94b862 
 segment.
94b862
94b862 
---
94b862 
 src/libjasper/jpc/jpc_cs.c | 10 ++++++++++
94b862 
 1 file changed, 10 insertions(+)
94b862
94b862 
diff --git a/src/libjasper/jpc/jpc_cs.c b/src/libjasper/jpc/jpc_cs.c
94b862 
index 6da4872..55d34d6 100644
94b862 
--- a/src/libjasper/jpc/jpc_cs.c
94b862 
+++ b/src/libjasper/jpc/jpc_cs.c
94b862 
@@ -512,6 +512,16 @@ static int jpc_siz_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate,
94b862 
 			jas_free(siz->comps);
94b862 
 			return -1;
94b862 
 		}
94b862 
+		if (siz->comps[i].hsamp == 0 || siz->comps[i].hsamp > 255) {
94b862 
+			jas_eprintf("invalid XRsiz value %d\n", siz->comps[i].hsamp);
94b862 
+			jas_free(siz->comps);
94b862 
+			return -1;
94b862 
+		}
94b862 
+		if (siz->comps[i].vsamp == 0 || siz->comps[i].vsamp > 255) {
94b862 
+			jas_eprintf("invalid YRsiz value %d\n", siz->comps[i].vsamp);
94b862 
+			jas_free(siz->comps);
94b862 
+			return -1;
94b862 
+		}
94b862 
 		siz->comps[i].sgnd = (tmp >> 7) & 1;
94b862 
 		siz->comps[i].prec = (tmp & 0x7f) + 1;
94b862 
 	}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation