jasper/SOURCES/jasper-2.0.14-CVE-2021-3272.patch

19 lines
735 B
Diff
Raw Permalink Normal View History

2021-11-09 09:49:55 +00:00
diff -urNp a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
--- a/src/libjasper/jp2/jp2_dec.c 2021-06-01 13:50:54.213552191 +0200
+++ b/src/libjasper/jp2/jp2_dec.c 2021-06-01 14:02:40.016274587 +0200
@@ -396,6 +396,14 @@ jas_image_t *jp2_decode(jas_stream_t *in
}
}
+ /* Ensure that the number of channels being used by the decoder
+ matches the number of image components. */
+ if (dec->numchans != jas_image_numcmpts(dec->image)) {
+ jas_eprintf("error: mismatch in number of components (%d != %d)\n",
+ dec->numchans, jas_image_numcmpts(dec->image));
+ goto error;
+ }
+
/* Mark all components as being of unknown type. */
for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) {