rpms / jasper

Clone
Source Code
GIT

Blame SOURCES/jasper-CVE-2016-8883.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c7-ppc64le c8 c8-beta c8s c9 c9-beta
  1.   425a81bb10b1acbaaa1c8a4ea0e1911a92b6f5b1
  2.   SOURCES
  3.   jasper-CVE-2016-8883.patch
Blob History Raw
425a81 
Backport of upstream commit:
425a81
425a81 
From 33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d Mon Sep 17 00:00:00 2001
425a81 
From: Michael Adams <mdadams@ece.uvic.ca>
425a81 
Date: Wed, 19 Oct 2016 15:02:20 -0700
425a81 
Subject: [PATCH] The RCT and ICT require at least three components.
425a81 
 Previously, this was enforced with an assertion. Now, the assertion has been
425a81 
 replaced with a proper error check.
425a81
425a81 
diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
425a81 
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2017-03-31 15:52:43.000000000 +0200
425a81 
+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c	2017-03-31 21:58:17.000000000 +0200
425a81 
@@ -1070,12 +1070,18 @@ static int jpc_dec_tiledecode(jpc_dec_t
425a81 
 	/* Apply an inverse intercomponent transform if necessary. */
425a81 
 	switch (tile->cp->mctid) {
425a81 
 	case JPC_MCT_RCT:
425a81 
-		assert(dec->numcomps >= 3);
425a81 
+		if (dec->numcomps < 3) {
425a81 
+			jas_eprintf("RCT requires at least three components\n");
425a81 
+			return -1;
425a81 
+		}
425a81 
 		jpc_irct(tile->tcomps[0].data, tile->tcomps[1].data,
425a81 
 		  tile->tcomps[2].data);
425a81 
 		break;
425a81 
 	case JPC_MCT_ICT:
425a81 
-		assert(dec->numcomps >= 3);
425a81 
+		if (dec->numcomps < 3) {
425a81 
+			jas_eprintf("ICT requires at least three components\n");
425a81 
+			return -1;
425a81 
+		}
425a81 
 		jpc_iict(tile->tcomps[0].data, tile->tcomps[1].data,
425a81 
 		  tile->tcomps[2].data);
425a81 
 		break;
425a81 
@@ -1127,7 +1133,7 @@ static int jpc_dec_tiledecode(jpc_dec_t
425a81 
 		  JPC_CEILDIV(dec->ystart, cmpt->vstep), jas_matrix_numcols(
425a81 
 		  tcomp->data), jas_matrix_numrows(tcomp->data), tcomp->data)) {
425a81 
 			jas_eprintf("write component failed\n");
425a81 
-			return -4;
425a81 
+			return -1;
425a81 
 		}
425a81 
 	}
425a81

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation