Fix CVE-2021-3443

Josef Řídký 2021-03-16 08:23:14 +01:00
parent c9fbfa2a94
commit 7ea8e1cbc4
2 changed files with 35 additions and 1 deletions


@ -0,0 +1,29 @@
From f94e7499a8b1471a4905c4f9c9e12e60fe88264b Mon Sep 17 00:00:00 2001
From: Michael Adams <mdadams@ece.uvic.ca>
Date: Sat, 13 Mar 2021 20:04:58 -0800
Subject: [PATCH] Fixes #269. Added a check for an invalid component reference
in the JP2 decoder.
---
src/libjasper/jp2/jp2_dec.c | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
index 2863d82..fe2e29d 100644
--- a/src/libjasper/jp2/jp2_dec.c
+++ b/src/libjasper/jp2/jp2_dec.c
@@ -451,7 +451,13 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
}
} else {
for (i = 0; i < dec->numchans; ++i) {
- jas_image_setcmpttype(dec->image, dec->chantocmptlut[i],
+ unsigned compno = dec->chantocmptlut[i];
+ if (compno >= jas_image_numcmpts(dec->image)) {
+ jas_eprintf(
+ "error: invalid component reference (%d)\n", compno);
+ goto error;
+ }
+ jas_image_setcmpttype(dec->image, compno,
jp2_getct(jas_image_clrspc(dec->image), 0, i + 1));
}
}
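Review bot: The new diagnostic in the `else` branch prints `compno`, which is declared `unsigned`, with `%d`; it should read `"error: invalid component reference (%u)\n"` so that a large rejected index is logged as the value actually seen rather than as a negative number. The bound check covers only this loop. The branch that closes just above the hunk and the rest of `jp2_decode` are outside the view, so confirm that every other place where a `dec->chantocmptlut[i]` value is used as a component index is compared against `jas_image_numcmpts(dec->image)` in the same way. A short comment above the check, such as `/* reject channel-to-component entries that name a component the image does not have */`, would record why the guard exists.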


@ -6,7 +6,7 @@
Summary: Implementation of the JPEG-2000 standard, Part 1
Name: jasper
Version: 2.0.26
Release: 1%{?dist}
Release: 2%{?dist}
License: JasPer
URL: http://www.ece.uvic.ca/~frodo/jasper/
@ -15,6 +15,7 @@ Source0: https://github.com/jasper-software/jasper/archive/version-%{version}.ta
# skip hard-coded prefix/lib rpath
Patch2: jasper-2.0.14-rpath.patch
Patch3: jasper-freeglut.patch
Patch4: jasper-CVE-2021-3443.patch
# architecture related patches
Patch100: jasper-2.0.2-test-ppc64-disable.patch
@ -68,6 +69,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
# Need to disable one test to be able to build it on ppc64 arch
# At ppc64 this test just stuck (nothing happend - no exception or error)
%patch3 -p1 -b .freeglut
%patch4 -p1 -b .CVE-2021-3443
%if "%{_arch}" == "ppc64"
%patch100 -p1 -b .test-ppc64-disable
@ -128,6 +130,9 @@ make test -C builder
%changelog
* Tue Mar 16 2021 Josef Ridky <jridky@redhat.com> - 2.0.26-2
- Fix CVE-2021-3443 (#1939233)
* Wed Mar 10 2021 Josef Ridky <jridky@redhat.com> - 2.0.26-1
- New upstream release 2.0.26 (#1935900)
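Review bot: `Patch4: jasper-CVE-2021-3443.patch` is added without a provenance comment, while `Patch2` has an explanatory line directly above it. A line such as `# CVE-2021-3443: upstream commit f94e7499a8b1471a4905c4f9c9e12e60fe88264b (upstream issue #269)` above `Patch4` would let a later rebase check the backport against upstream and drop it once the packaged version contains the fix. In `%prep`, the ppc64 comment now sits above both `%patch3` and `%patch4` rather than next to the `%if "%{_arch}" == "ppc64"` block it appears to describe, so moving that comment to directly above the `%if` would keep the explanation with its conditional.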