guix/gnu/packages/patches/jasper-CVE-2016-1867.patch
Leo Famulari 90bcecc568 gnu: jasper: Add fixes for several security flaws.
* gnu/packages/patches/jasper-CVE-2007-2721.patch,
gnu/packages/patches/jasper-CVE-2008-3520.patch,
gnu/packages/patches/jasper-CVE-2011-4516-and-CVE-2011-4517.patch,
gnu/packages/patches/jasper-CVE-2014-8137.patch,
gnu/packages/patches/jasper-CVE-2014-8138.patch,
gnu/packages/patches/jasper-CVE-2014-8157.patch,
gnu/packages/patches/jasper-CVE-2014-8158.patch,
gnu/packages/patches/jasper-CVE-2014-9029.patch,
gnu/packages/patches/jasper-CVE-2016-1867.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/image.scm (jasper)[source]: Add patches.
2016-02-04 15:09:41 -05:00

18 lines
756 B
Diff

Fix CVE-2016-1867 (Out-of-bounds read in jpc_pi_nextcprl()).
Copied from SUSE.
https://bugzilla.suse.com/show_bug.cgi?id=961886
https://bugzilla.redhat.com/show_bug.cgi?id=1298135
--- jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c 2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c 2016-01-14 14:22:24.569056412 +0100
@@ -429,7 +429,7 @@
}
for (pi->compno = pchg->compnostart, pi->picomp =
- &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno,
+ &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
++pi->picomp) {
pirlvl = pi->picomp->pirlvls;
pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +