jasper/jasper-CVE-2021-3443.patch

From f94e7499a8b1471a4905c4f9c9e12e60fe88264b Mon Sep 17 00:00:00 2001
From: Michael Adams <mdadams@ece.uvic.ca>
Date: Sat, 13 Mar 2021 20:04:58 -0800
Subject: [PATCH] Fixes #269. Added a check for an invalid component reference
 in the JP2 decoder.

---
 src/libjasper/jp2/jp2_dec.c |   8 +++++++-
 1 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
index 2863d82..fe2e29d 100644
--- a/src/libjasper/jp2/jp2_dec.c
+++ b/src/libjasper/jp2/jp2_dec.c
@@ -451,7 +451,13 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
 		}
 	} else {
 		for (i = 0; i < dec->numchans; ++i) {
-			jas_image_setcmpttype(dec->image, dec->chantocmptlut[i],
+			unsigned compno = dec->chantocmptlut[i];
+			if (compno >= jas_image_numcmpts(dec->image)) {
+				jas_eprintf(
+				  "error: invalid component reference (%d)\n", compno);
+				goto error;
+			}
+			jas_image_setcmpttype(dec->image, compno,
 			  jp2_getct(jas_image_clrspc(dec->image), 0, i + 1));
 		}
 	}
Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/jasper.git#7ea8e1cbc4ffc32d779e74d194ab8194e76e9616 2021-03-19 14:46:08 +00:00			`From f94e7499a8b1471a4905c4f9c9e12e60fe88264b Mon Sep 17 00:00:00 2001`
			`From: Michael Adams <mdadams@ece.uvic.ca>`
			`Date: Sat, 13 Mar 2021 20:04:58 -0800`
			`Subject: [PATCH] Fixes #269. Added a check for an invalid component reference`
			`in the JP2 decoder.`

			`---`
			`src/libjasper/jp2/jp2_dec.c \| 8 +++++++-`
			`1 files changed, 7 insertions(+), 1 deletion(-)`

			`diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c`
			`index 2863d82..fe2e29d 100644`
			`--- a/src/libjasper/jp2/jp2_dec.c`
			`+++ b/src/libjasper/jp2/jp2_dec.c`
			`@@ -451,7 +451,13 @@ jas_image_t jp2_decode(jas_stream_t in, const char *optstr)`
			`}`
			`} else {`
			`for (i = 0; i < dec->numchans; ++i) {`
			`- jas_image_setcmpttype(dec->image, dec->chantocmptlut[i],`
			`+ unsigned compno = dec->chantocmptlut[i];`
			`+ if (compno >= jas_image_numcmpts(dec->image)) {`
			`+ jas_eprintf(`
			`+ "error: invalid component reference (%d)\n", compno);`
			`+ goto error;`
			`+ }`
			`+ jas_image_setcmpttype(dec->image, compno,`
			`jp2_getct(jas_image_clrspc(dec->image), 0, i + 1));`
			`}`
			`}`