mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-14 19:05:10 -05:00
d536113df0
* gnu/packages/image.scm (openjpeg)[source]: Add patches. * gnu/packages/patches/openjpeg-CVE-2017-14040.patch, gnu/packages/patches/openjpeg-CVE-2017-14041.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them.
25 lines
1,017 B
Diff
25 lines
1,017 B
Diff
http://openwall.com/lists/oss-security/2017/08/28/4
|
|
https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9.patch
|
|
|
|
From e5285319229a5d77bf316bb0d3a6cbd3cb8666d9 Mon Sep 17 00:00:00 2001
|
|
From: Even Rouault <even.rouault@spatialys.com>
|
|
Date: Fri, 18 Aug 2017 13:39:20 +0200
|
|
Subject: [PATCH] pgxtoimage(): fix write stack buffer overflow (#997)
|
|
|
|
---
|
|
src/bin/jp2/convert.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
|
|
index 5459f7d44..e606c9be7 100644
|
|
--- a/src/bin/jp2/convert.c
|
|
+++ b/src/bin/jp2/convert.c
|
|
@@ -1185,7 +1185,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters)
|
|
}
|
|
|
|
fseek(f, 0, SEEK_SET);
|
|
- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
|
|
+ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1,
|
|
&endian2, signtmp, &prec, temp, &w, temp, &h) != 9) {
|
|
fclose(f);
|
|
fprintf(stderr,
|