rpms / jasper

Clone
Source Code
GIT

Blame SOURCES/jasper-CVE-2016-8693.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   83be9eeb05bf9a646f913d7b812b21a3e8d9e570
  2.   SOURCES
  3.   jasper-CVE-2016-8693.patch
Blob History Raw
83be9e 
Backport of the upstream commit:
83be9e
83be9e 
From 44a524e367597af58d6265ae2014468b334d0309 Mon Sep 17 00:00:00 2001
83be9e 
From: Michael Adams <mdadams@ece.uvic.ca>
83be9e 
Date: Thu, 20 Oct 2016 07:34:32 -0700
83be9e 
Subject: [PATCH] The memory stream interface allows for a buffer size of zero.
83be9e 
 The case of a zero-sized buffer was not handled correctly, as it could lead
83be9e 
 to a double free. This problem has now been fixed (hopefully). One might ask
83be9e 
 whether a zero-sized buffer should be allowed at all, but this is a question
83be9e 
 for another day.
83be9e
83be9e 
diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1/src/libjasper/base/jas_stream.c
83be9e 
--- jasper-1.900.1.orig/src/libjasper/base/jas_stream.c	2017-03-24 13:23:23.000000000 +0100
83be9e 
+++ jasper-1.900.1/src/libjasper/base/jas_stream.c	2017-03-24 13:33:01.986069625 +0100
83be9e 
@@ -991,8 +991,8 @@ static int mem_resize(jas_stream_memobj_
83be9e 
 {
83be9e 
 	unsigned char *buf;
83be9e
83be9e 
-	assert(m->buf_);
83be9e 
-	if (!(buf = jas_realloc(m->buf_, bufsize))) {
83be9e 
+	//assert(m->buf_);
83be9e 
+	if (!(buf = jas_realloc(m->buf_, bufsize)) && bufsize) {
83be9e 
 		return -1;
83be9e 
 	}
83be9e 
 	m->buf_ = buf;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation