gnu: openjpeg-2.x: Add fix for use-after-free in opj_j2k_write_mco.
* gnu/packages/patches/openjpeg-use-after-free-fix.patch: New file. * gnu-system.am (dist_patch_DATA): Add it. * gnu/packages/image.scm (openjpeg, openjpeg-2.0)[source]: Add patch. [home-page]: Update.
This commit is contained in:
parent
9ab5ea449e
commit
b927058237
|
@ -571,6 +571,7 @@ dist_patch_DATA = \
|
|||
gnu/packages/patches/nvi-dbpagesize-binpower.patch \
|
||||
gnu/packages/patches/nvi-db4.patch \
|
||||
gnu/packages/patches/openexr-missing-samples.patch \
|
||||
gnu/packages/patches/openjpeg-use-after-free-fix.patch \
|
||||
gnu/packages/patches/openssl-runpath.patch \
|
||||
gnu/packages/patches/openssl-c-rehash.patch \
|
||||
gnu/packages/patches/orpheus-cast-errors-and-includes.patch \
|
||||
|
|
|
@ -271,7 +271,8 @@ work.")
|
|||
(string-append "mirror://sourceforge/openjpeg.mirror/" name "-"
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32 "00zzm303zvv4ijzancrsb1cqbph3pgz0nky92k9qx3fq9y0vnchj"))))
|
||||
(base32 "00zzm303zvv4ijzancrsb1cqbph3pgz0nky92k9qx3fq9y0vnchj"))
|
||||
(patches (list (search-patch "openjpeg-use-after-free-fix.patch")))))
|
||||
(build-system cmake-build-system)
|
||||
(arguments
|
||||
;; Trying to run `$ make check' results in a no rule fault.
|
||||
|
@ -292,7 +293,7 @@ In addition to the basic codec, various other features are under
|
|||
development, among them the JP2 and MJ2 (Motion JPEG 2000) file formats,
|
||||
an indexing tool useful for the JPIP protocol, JPWL-tools for
|
||||
error-resilience, a Java-viewer for j2k-images, ...")
|
||||
(home-page "https://code.google.com/p/openjpeg/")
|
||||
(home-page "https://github.com/uclouvain/openjpeg")
|
||||
(license license:bsd-2)))
|
||||
|
||||
(define-public openjpeg-2.0
|
||||
|
@ -306,7 +307,8 @@ error-resilience, a Java-viewer for j2k-images, ...")
|
|||
(string-append "mirror://sourceforge/openjpeg.mirror/" name "-"
|
||||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32 "1c2xc3nl2mg511b63rk7hrckmy14681p1m44mzw3n1fyqnjm0b0z"))))))
|
||||
(base32 "1c2xc3nl2mg511b63rk7hrckmy14681p1m44mzw3n1fyqnjm0b0z"))
|
||||
(patches (list (search-patch "openjpeg-use-after-free-fix.patch")))))))
|
||||
|
||||
(define-public openjpeg-1
|
||||
(package (inherit openjpeg)
|
||||
|
|
|
@ -0,0 +1,48 @@
|
|||
From 940100c28ae28931722290794889cf84a92c5f6f Mon Sep 17 00:00:00 2001
|
||||
From: mayeut <mayeut@users.noreply.github.com>
|
||||
Date: Sun, 6 Sep 2015 17:24:03 +0200
|
||||
Subject: [PATCH] Fix potential use-after-free in opj_j2k_write_mco function
|
||||
|
||||
Fixes #563
|
||||
---
|
||||
src/lib/openjp2/j2k.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
|
||||
index 19a48f5..d487d89 100644
|
||||
--- a/src/lib/openjp2/j2k.c
|
||||
+++ b/src/lib/openjp2/j2k.c
|
||||
@@ -5559,8 +5559,7 @@ static OPJ_BOOL opj_j2k_write_mco( opj_j2k_t *p_j2k,
|
||||
assert(p_stream != 00);
|
||||
|
||||
l_tcp =&(p_j2k->m_cp.tcps[p_j2k->m_current_tile_number]);
|
||||
- l_current_data = p_j2k->m_specific_param.m_encoder.m_header_tile_data;
|
||||
-
|
||||
+
|
||||
l_mco_size = 5 + l_tcp->m_nb_mcc_records;
|
||||
if (l_mco_size > p_j2k->m_specific_param.m_encoder.m_header_tile_data_size) {
|
||||
|
||||
@@ -5575,6 +5574,8 @@ static OPJ_BOOL opj_j2k_write_mco( opj_j2k_t *p_j2k,
|
||||
p_j2k->m_specific_param.m_encoder.m_header_tile_data = new_header_tile_data;
|
||||
p_j2k->m_specific_param.m_encoder.m_header_tile_data_size = l_mco_size;
|
||||
}
|
||||
+ l_current_data = p_j2k->m_specific_param.m_encoder.m_header_tile_data;
|
||||
+
|
||||
|
||||
opj_write_bytes(l_current_data,J2K_MS_MCO,2); /* MCO */
|
||||
l_current_data += 2;
|
||||
@@ -5586,10 +5587,9 @@ static OPJ_BOOL opj_j2k_write_mco( opj_j2k_t *p_j2k,
|
||||
++l_current_data;
|
||||
|
||||
l_mcc_record = l_tcp->m_mcc_records;
|
||||
- for (i=0;i<l_tcp->m_nb_mcc_records;++i) {
|
||||
+ for (i=0;i<l_tcp->m_nb_mcc_records;++i) {
|
||||
opj_write_bytes(l_current_data,l_mcc_record->m_index,1);/* Imco -> use the mcc indicated by 1*/
|
||||
++l_current_data;
|
||||
-
|
||||
++l_mcc_record;
|
||||
}
|
||||
|
||||
--
|
||||
2.5.0
|
||||
|
Loading…
Reference in New Issue