[BACK]Return to patch-src_lib_openmj2_t2.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / graphics / openjpeg / patches

File: [cvs.NetBSD.org] / pkgsrc / graphics / openjpeg / patches / patch-src_lib_openmj2_t2.c (download)

Revision 1.2, Tue Nov 26 23:24:25 2019 UTC (2 years, 1 month ago) by sevan
Branch: MAIN
CVS Tags: pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4, HEAD
Changes since 1.1: +6 -3 lines

pasto

$NetBSD: patch-src_lib_openmj2_t2.c,v 1.2 2019/11/26 23:24:25 sevan Exp $

CVE-2018-16376
https://github.com/uclouvain/openjpeg/issues/1127
https://nvd.nist.gov/vuln/detail/CVE-2018-16376

--- src/lib/openmj2/t2.c.orig	2019-04-02 12:45:15.000000000 +0000
+++ src/lib/openmj2/t2.c
@@ -166,6 +166,15 @@ static int t2_encode_packet(opj_tcd_tile
 
     /* <SOP 0xff91> */
     if (tcp->csty & J2K_CP_CSTY_SOP) {
+	if (length < 6) {
+	    if (p_t2_mode == FINAL_PASS) {
+		opj_event_msg(p_manager, EVT_ERROR,
+				"opj_t2_encode_packet(): only %u bytes remaining in "
+				"output buffer. %u needed.\n",
+				length, 6);
+	    }
+	    return OPJ_FALSE;
+	}
         c[0] = 255;
         c[1] = 145;
         c[2] = 0;
@@ -272,6 +281,15 @@ static int t2_encode_packet(opj_tcd_tile
 
     /* <EPH 0xff92> */
     if (tcp->csty & J2K_CP_CSTY_EPH) {
+	if (length < 2) {
+	    if (p_t2_mode == FINAL_PASS) {
+		opj_event_msg(p_manager, EVT_ERROR,
+				"opj_t2_encode_packet(): only %u bytes remaining in "
+				"output buffer. %u needed.\n",
+				length, 2);
+	    }
+	    return OPJ_FALSE;
+	}
         c[0] = 255;
         c[1] = 146;
         c += 2;