rpms / jasper

Clone
Source Code
GIT

Blame SOURCES/jasper-CVE-2016-8691-CVE-2016-8692.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   c7-alt
  2.   SOURCES
  3.   jasper-CVE-2016-8691-CVE-2016-8692.patch
Blob History Raw
83be9e 
From d8c2604cd438c41ec72aff52c16ebd8183068020 Mon Sep 17 00:00:00 2001
83be9e 
From: Michael Adams <mdadams@ece.uvic.ca>
83be9e 
Date: Sat, 15 Oct 2016 12:22:28 -0700
83be9e 
Subject: [PATCH] Added range check on XRsiz and YRsiz fields of SIZ marker
83be9e 
 segment.
83be9e
83be9e 
---
83be9e 
 src/libjasper/jpc/jpc_cs.c | 10 ++++++++++
83be9e 
 1 file changed, 10 insertions(+)
83be9e
83be9e 
diff --git a/src/libjasper/jpc/jpc_cs.c b/src/libjasper/jpc/jpc_cs.c
83be9e 
index 6da4872..55d34d6 100644
83be9e 
--- a/src/libjasper/jpc/jpc_cs.c
83be9e 
+++ b/src/libjasper/jpc/jpc_cs.c
83be9e 
@@ -512,6 +512,16 @@ static int jpc_siz_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate,
83be9e 
 			jas_free(siz->comps);
83be9e 
 			return -1;
83be9e 
 		}
83be9e 
+		if (siz->comps[i].hsamp == 0 || siz->comps[i].hsamp > 255) {
83be9e 
+			jas_eprintf("invalid XRsiz value %d\n", siz->comps[i].hsamp);
83be9e 
+			jas_free(siz->comps);
83be9e 
+			return -1;
83be9e 
+		}
83be9e 
+		if (siz->comps[i].vsamp == 0 || siz->comps[i].vsamp > 255) {
83be9e 
+			jas_eprintf("invalid YRsiz value %d\n", siz->comps[i].vsamp);
83be9e 
+			jas_free(siz->comps);
83be9e 
+			return -1;
83be9e 
+		}
83be9e 
 		siz->comps[i].sgnd = (tmp >> 7) & 1;
83be9e 
 		siz->comps[i].prec = (tmp & 0x7f) + 1;
83be9e 
 	}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation